CVE-2024-2541

NVD Published Date: August 29, 2024 at 01:15 PM
NVD Last Modified: September 09, 2024 at 06:40 PM
Download Patch
Vulnerability ID
CVE-2024-2541
Severity
HIGH
Severity Score
7.5
Summary
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE ID
NVD-CWE-noinfo

Recent Publish

CVE-2024-8297

CVE-2024-8296

2024-02 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5034795)

2024-02 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5034795)

2024-02 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems (KB5034809)

2024-02 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5034809)

See SecOps Solution
in action

Schedule Demo