exploitDog

CVE-2022-0424

Опубликовано: 09 мая 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

Ссылки

https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:*

Версия до 1.10.9 (исключая)

EPSS

Процентиль: 96%

0.25772

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

CWE-306

Связанные уязвимости

GHSA-28vh-fggg-795m

CVSS3: 5.3

github

больше 3 лет назад

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

EPSS

Процентиль: 96%

0.25772

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

CWE-306