cleantalk
Vulnerabilities and Security Researches

Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox, CVE-2026-12120

CVE, Research URL

CVE-2026-12120

Home page URL

Security reports for Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox

Application

Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox

Published on
Jun 18, 2026
Research Description
The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id.
Affected versions
max 3.1.8.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
MStore API (CVE-2026-54817) , Jun 20, 2026
Bricksable for Bricks Builder (CVE-2026-56009) , Jun 20, 2026
Offload, AI & Optimize with Cloudflare Images (CVE-2026-9860) , Jun 20, 2026
Royal Elementor Addons and Templates (CVE-2026-8118) , Jun 20, 2026
Bogo (CVE-2026-9013) , Jun 20, 2026