Sensitive Information Exposure via Imported Subscribers CSV File

  • Resolved kianoush2024

    (@kianoush2024)


    1 month, 4 weeks ago

    The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Jawad Ahmed

    (@jawada)

    Hi @kianoush2024

    Thank you for bringing this issue to our attention. Although it was addressed in the most recent release (version 4.3.4), we are currently reviewing it and will release a fix soon. Thank you for your patience.

    Best Regards

    Any updates on this? It’s becoming a recurring constant problem.

    also checking up on this… any update?

    Plugin Support Jawad Ahmed

    (@jawada)

    Hello,

    A fix has already been implemented. The updated version of the plugin is currently in the testing phase. We appreciate your patience while we prepare for its release.

    If you’d like to access the updated version before the official release, please feel free to reach out through our dedicated support forum. You can visit us at https://help.popup-builder.com/en/, where you’ll find options to chat with us or send an email. Our team is here to help and will be happy to address any concerns you may have.

    Best regards,

    Plugin Support Jawad Ahmed

    (@jawada)

    Hi,

    I hope you’re doing well!

    Have you had a chance to update Popup Builder to the latest version? We recently released Version 4.3.5, which includes important fixes and resolves a vulnerability issue.

    I’ll mark this thread as closed for now, but if you need further assistance, please visit our support page. There, you can chat with us or send an email—our team is always available and happy to help with any concerns you may have.

    Best regards,

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.