Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Moderator note: If you have code that shows how this vuln works, please send it PRIVATELY to the developers or to [email protected].

    Bel

    (@belimperial)

    Hi @dylanfitzger

    Thank you for reaching out.

    Can you please create a support request on our website?

    Here’s how to:

    1. Go to https://wppopupmaker.com/support/#submit-a-support-ticket
    2. Click Other Support
    3. Fill in the form
    4. Click SUBMIT

    Here’s a screen capture for your reference: https://share.wppopupmaker.com/geudGzB4

    It would also be helpful if you can include the following:

    • Code report
    • Copy/paste any error messages (PHP logs, page errors, or dev tools console logs) you see.
    • Attach or post screen captures of the issue (including error messages).
    • WordPress version
    • PHP version
    • Popup Maker version
    • The name of the other plugin
    • WordPress theme
    • Hosting provider

    I’ve informed our team, and we’ll be waiting for your email.

    Thank you!

    Plugin Author Daniel Iser

    (@danieliser)

    @dylanfitzger – There are no forward facing alert banners, so I would have to assume one in the admin, but none of those include personal or identifying or even secure information other than possibly total popup views if it was a review request.

    Happy to investigate, but I’ve searched every usage of $_REQUEST & $_GET in the plugin and none should result in anything like you’re suggesting unless there is a side effect I’m not seeing by looking at just the code.

    Only other thing I could think of was if you had a popup that had all the info you’re saying leaked in it, and didn’t secure that popup to only show to logged-in users, etc., you could have leaked your own data, but then that would also mean that you are saying the parameter you added triggered the popup automatically, which is a built-in feature, so not unexpected.

    Email us if you feel it’s an issue and we can get it worked out.

    Bel

    (@belimperial)

    Hi @dylanfitzger

    I’m going to mark this as resolved, as we haven’t heard from you in a while.

    Feel free to create a new thread if you have any other questions.

    Thank you!

The topic ‘XSS Vulnerability’ is closed to new replies.