Medium severity5.3NVD Advisory· Published Aug 29, 2024· Updated Apr 8, 2026

CVE-2024-2541

Description

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.

Affected products

Sygnoos/Popup Builder
cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*
Range: <=4.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/086cd6a0-adb6-4e12-b34c-630297f036f3nvdThird Party Advisory
plugins.trac.wordpress.org/browser/popup-builder/trunk/com/libs/Importer.phpnvdProduct
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000