Skip to main content

CVE-2022-0424

Description

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

NVD
Severity: MEDIUM
CVE ID: CVE-2022-0424
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2022-0424
Tags:
Last updated on by Vulnerability_bot_v1.3.9