cleantalk
Vulnerabilities and Security Researches

Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox, CVE-2026-12120

CVE, Research URL

CVE-2026-12120

Home page URL

Security reports for Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox

Application

Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox

Published on
Jun 18, 2026
Research Description
The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id.
Affected versions
max 3.1.8.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
New vulnerability
Bricksable for Bricks Builder (CVE-2026-56009) , Jun 20, 2026
Offload, AI & Optimize with Cloudflare Images (CVE-2026-9860) , Jun 20, 2026
Royal Elementor Addons and Templates (CVE-2026-8118) , Jun 20, 2026
Bogo (CVE-2026-9013) , Jun 20, 2026
Ocean Product Sharing (CVE-2026-56007) , Jun 20, 2026