Vulnerabilities and security researches forfirebox firebox
Direction: ascendingJul 05, 2024
Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox # 1986d69276353995e57ce6a5be0792df5e3da61f
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 03, 2024
- Research Description
- FireBox Popups – Increase Sales and Grow Your Email List [firebox] < 2.1.16 WordPress FireBox Plugin <= 2.1.15 is vulnerable to Backdoor <p>WordPress FireBox Plugin <= 2.1.15 is vulnerable to Backdoor</p><p>Software: FireBox</p><p>Link: https://wordpress.org/plugins/firebox/#developers</p><p>Affected Version <= 2.1.15</p><p>Fixed in version 2.1.16 </p>
- Affected versions
-
max 2.1.16.
- Status
-
vulnerable
Jan 10, 2026
Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox # CVE-2025-67545
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 09, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= 3.1.0-free.
- Affected versions
-
max 3.1.1-free.
- Status
-
vulnerable
Jun 20, 2026
Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox # CVE-2026-12120
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 18, 2026
- Research Description
- The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id.
- Affected versions
-
max 3.1.8.
- Status
-
vulnerable