A vulnerability was found in fireplugins FireBox Popups Plugin up to 3.1.7 on WordPress. It has been declared as problematic . Impacted is an unknown function of the component Form Submission Handler . The manipulation of the argument form_id results in information disclosure. This vulnerability was named CVE-2026-12120 . The attack may be performed from remote. There is no available exploit.