CVE-2022-0424

Published: May 9, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

Affected (1)

Products: Supsystic: Popup

Supsystic

1 product

Popup

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Supsystic Popup	Before 1.10.9

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.