daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update

patch-1
Dhiyaneshwaran 2024-04-11 12:18:18 +05:30 committed by GitHub
parent 97864a8e5f
commit 363280f52b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http/cves/2022/CVE-2022-0424.yaml
View File

@ -6,6 +6,7 @@ info:
severity: medium severity: medium
description: | description: |
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
remediation: Fixed in 1.10.9
reference: reference:
- https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f/ - https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0424 - https://nvd.nist.gov/vuln/detail/CVE-2022-0424
@ -20,11 +21,11 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 1 max-request: 1
publicwww-query: "/wp-content/plugins/popup-by-supsystic"
vendor: supsystic vendor: supsystic
product: popup product: popup
framework: wordpress framework: wordpress
tags: cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup publicwww-query: "/wp-content/plugins/popup-by-supsystic"
tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup
http: http:
- raw: - raw: