• Resolved crzyhrse

    (@crzyhrse)


    This from Wordfence:

    Popup Builder <= 4.3.3 – Sensitive Information Exposure via Imported Subscribers CSV File

    The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

    Hoping for a fix soon…

    Kind regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Jawad Ahmed

    (@jawada)

    Hi @crzyhrse @msstm

    Thank you for bringing this to our attention. Our team is aware of the vulnerability, and a beta version that addresses the issue is currently in testing. If you would like early access to the beta version before the official update is released, please reach out to us via our support page. You can visit our support page, where you’ll find options to chat with us or send an email. Our team is available to assist you and will gladly provide you with the beta version.

    Best Regards

  • Plugin Support Jawad Ahmed

    (@jawada)

    Hi @crzyhrse

    Since we haven’t heard back from you for some time, we will consider this thread resolved. If you need further assistance, please don’t hesitate to reach out to us through our dedicated support forum, and we will be happy to assist you accordingly.

    Thank you!

  • Thread Starter crzyhrse

    (@crzyhrse)

    And I have just changed it BACK to NOT RESOLVED…

    Wordfence continues to report, as of this very moment and for this very current version of your plugin, that:

    • Issue Found January 24, 2025
      Critical
    • The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

    So it is NOT fixed…

    Please FIX IT, por favor…???

  • The topic ‘Sensitive Information Exposure via Imported Subscribers’ is closed to new replies.