Spinach benefits for skin pigmentation,Mnl168 slot withdrawal.Recharge Every day and Get Bonus up-to 50%!

Resolved slavisamonobunt
(@slavisamonobunt)

2 months, 4 weeks ago

Let us know if this is planned to be fixed. Thank you.

Sensitive Data Exposure

This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.
https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-3-3-sensitive-information-exposure-via-imported-subscribers-csv-file-vulnerability

The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)

caordawebsol
(@caordawebsol)

2 months, 4 weeks ago

We also have this issue – looking for a fix. Thanks!

greentreefrog
(@greentreefrog)

2 months, 4 weeks ago

WordFence identified this same issue on our site. Note that their description at the aforementioned link includes this:

“The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file.”

Seems that if you don’t import subscribers via a CSV file, you’ll be fine. Nevertheless, I look forward to a fix.

espressivo
(@espressivo)

2 months, 3 weeks ago

Same…

moonshotmg
(@moonshotmg)

2 months, 3 weeks ago

We have received the same notification from WordFence and Jetpack. Do the developers have plans to push a patch update on the issue?

Also, can we roll back to our previous update to resolve for the time being? Looks like the problem started happening with 4.3.3.

lisath
(@lisath)

2 months, 3 weeks ago

It would also be helpful to know if we’re still vulnerable even if we haven’t imported subscribers.

Emielb
(@emielb)

2 months, 3 weeks ago

Even if the patch isn’t out yet, it would be nice to at least get a response from plugin support after more than a week…

Thanks

Plugin Support Jawad Ahmed
(@jawada)

2 months, 2 weeks ago

Hi All,

Thank you for bringing this to our attention and we apologize for a delayed response. Our team is aware of the vulnerability, and a beta version that addresses the issue is currently in testing. If you would like early access to the beta version before the official update is released, please reach out to us via our support page. ?You can visit?our support page, where you’ll find options to chat with us or send an email. Our team is available to assist you and will gladly provide you with the beta version.

Best Regards

Plugin Support Jawad Ahmed
(@jawada)

2 months ago

Hi

We’ve recently released a fixed version (4.3.4). Please update Popup Builder to the latest version and check if the issue persists.Should you have any questions, you can visit our support page, where you’ll find options to chat with us or send an email. Our team is available to assist you and will gladly address any concerns you may have.

Best Regards

delboy007
(@delboy007)

1 month ago

I have just had a noficiation from Wordfence that version 4.3.4 is still not fixed

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/popup-builder/popup-builder-433-sensitive-information-exposure-via-imported-subscribers-csv-file

lisath
(@lisath)

1 month ago

Can anybody recommend a good replacement for this plugin?