Security Advisory

CVE-2022-0424

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-09 16:50:28

Last updated 2024-08-02 23:25:40

Assigner WPScan

State PUBLISHED

Description

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

← Browse all CVEs View on cve.org ↗