PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12120 fireplugins CVE debrief

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers to extract and download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form_id. The vulnerability has a CVSS score of 5.3 and a severity rating of MEDIUM. Users of the plugin should be aware of this vulnerability and take immediate action to protect their sites.

Vendor
fireplugins
Product
FireBox Popups – Increase Sales and Grow Your Email List
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-18
Advisory published
2026-06-18
Advisory updated
2026-06-18

Who should care

Users of the FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress should be aware of this vulnerability and take immediate action to protect their sites. This includes updating the plugin to the latest version, implementing additional security measures to protect against unauthenticated access, and monitoring for suspicious activity related to form submissions. Affected operators should review their deployments and assign an owner for follow-up to ensure that affected systems are identified and remediated. The vulnerability could have significant impacts on the confidentiality of user data, and defenders should take steps to verify the accuracy of this information with the vendor or other sources.

Technical summary

The FireBox Popups plugin for WordPress is vulnerable to Sensitive Information Exposure. An unauthenticated attacker can exploit this vulnerability by manipulating the 'form_id' parameter to download a full CSV export of all form submissions, including personally identifiable information. The vulnerability affects all versions up to, and including, 3.1.7 of the FireBox Popups plugin for WordPress. Users should review their deployments and assign an owner for follow-up to ensure that affected systems are identified and remediated. Compensating controls, such as restricting access to form submissions, may be necessary while remediation is scheduled and verified. This vulnerability could have significant impacts on the confidentiality of user data, and defenders should take steps to verify the accuracy of this information with the vendor or other sources.

Defensive priority

Medium priority due to the potential for sensitive information exposure. Users should prioritize updating the plugin to the latest version and implement additional security measures to protect against unauthenticated access. Monitoring for suspicious activity related to form submissions is also recommended. This vulnerability could have significant impacts on the confidentiality of user data, and defenders should take steps to verify the accuracy of this information with the vendor or other sources. The vulnerability affects all versions up to, and including, 3.1.7 of the FireBox Popups plugin for WordPress, and users should review their deployments and assign an owner for follow-up to ensure that affected systems are identified and remediated. Compensating controls, such as restricting access to form submissions, may be necessary while remediation is scheduled and verified. Tracking exceptions, retesting remediated assets, and closing the item only after evidence is documented are also important steps in managing this vulnerability. The CVE record and NVD entry provide additional context, but users should be aware of the limitations of these sources and take steps to verify the information with the vendor or other sources. The vulnerability has not been modified since its initial publication on 2026-06-18T06:16:57.680Z, and the NVD entry is currently Deferred, which may impact the accuracy of the information provided. Users should plan vendor-supported updates or mitigations through normal change control where exposure is confirmed and review compensating controls for exposed systems while remediation is scheduled and verified. Checking relevant monitoring, detection, and logs for exposed assets that need extra review is also crucial in managing this vulnerability. The FireBox Popups plugin for WordPress is vulnerable to Sensitive Information Exposure, and an unauthenticated attacker can exploit this vulnerability by manipulating the 'form_id' parameter to download a full CSV export of all form submissions, including personally identifiable information. The vulnerability affects users of the FireBox Popups plugin for WordPress, and they should be aware of the '

Recommended defensive actions

  • Update the FireBox Popups plugin to the latest version.
  • Implement additional security measures to protect against unauthenticated access.
  • Monitor for suspicious activity related to form submissions.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-06-18T06:16:57.680Z and has not been modified since then. The NVD entry is currently Deferred. There are no additional details available about the vulnerability beyond what is provided in the CVE record and NVD entry. Users should verify the accuracy of this information with the vendor or other sources.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T06:16:57.680Z and has not been modified since then.