CVE-2024-2541

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 29, 2024
CWE ID 200

Summary

CVE-2024-2541 identifies a vulnerability in the Popup Builder plugin for WordPress, present in all versions up to and including 4.3.3, that allows unauthenticated attackers to access sensitive information through the Subscribers Import feature. This exposure can lead to the leakage of personal data such as first names, last names, and email addresses of subscribers after an administrator imports this information via a CSV file. To remediate this vulnerability, users should update the Popup Builder plugin to the latest version that addresses this issue. The potential danger posed by this vulnerability includes unauthorized data access and privacy breaches, which could harm an organization’s reputation and lead to compliance violations. The vulnerability has a medium severity rating with a CVSS score of 5.3, indicating a low confidentiality impact but necessitating prompt attention due to its exploitability through a network without requiring user interaction.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share