cleantalk
Vulnerabilities and Security Researches

Popup by Supsystic, CVE-2022-0424

CVE, Research URL

CVE-2022-0424

Home page URL

Security reports for Popup by Supsystic

Application

Popup by Supsystic

Published on
May 09, 2022
Research Description
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
Affected versions
Min -, max 1.10.9.
Status
vulnerable
Previous vulnerability researches
Popup by Supsystic (CVE-2024-52434) , Nov 19, 2024
Popup by Supsystic (CVE-2023-51353) , Mar 21, 2025
Popup by Supsystic (CVE-2023-39997) , Jun 10, 2024
Popup by Supsystic (CVE-2023-46197) , Jun 06, 2024
Popup by Supsystic (CVE-2023-3186) , Jun 06, 2024
New vulnerability
DirectIQ Email Marketing (CVE-2025-52829) , Jun 28, 2025
e.nigma buttons (CVE-2025-5535) , Jun 28, 2025
Evangelische Termine (CVE-2025-28960) , Jun 28, 2025
GG Bought Together for WooCommerce (CVE-2025-23967) , Jun 28, 2025
FormLift for Infusionsoft Web Forms (CVE-2025-47654) , Jun 28, 2025