CVE-2022-0424: Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
First published: Mon May 09 2022(Updated: )
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Popup by Supsystic | <1.10.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-0424.
What is the severity of CVE-2022-0424?
The severity of CVE-2022-0424 is medium with a severity value of 5.3.
What is the affected software for CVE-2022-0424?
The affected software for CVE-2022-0424 is the Popup by Supsystic WordPress plugin before version 1.10.9.
How does CVE-2022-0424 impact the affected software?
CVE-2022-0424 allows unauthenticated attackers to call an AJAX action in the Popup by Supsystic WordPress plugin before version 1.10.9, and retrieve email addresses of subscribed users.
How can I fix CVE-2022-0424?
To fix CVE-2022-0424, update the Popup by Supsystic WordPress plugin to version 1.10.9 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/supsystic
- canonical/wordpress popup by supsystic