CVE-2022-0424 Scanner
CVE-2022-0424 Scanner - Credential Disclosure vulnerability in Popup by Supsystic
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 4 hours
Scan only one: Domain, IPv4
Popup by Supsystic is a WordPress plugin used to create customizable pop-ups for websites. It is commonly utilized by web developers and website owners to engage users, display advertisements, collect email subscriptions, or provide notifications. This tool is widely used in the WordPress ecosystem due to its flexibility and ease of use in a wide range of scenarios, from promotional activities to informational alerts. The plugin is relied upon by both small-scale websites and large enterprises for its robust features and user-friendly interface. It integrates seamlessly with other WordPress plugins, making it a convenient choice for anyone looking to enhance their website's functionality with pop-ups.
This vulnerability involves the unauthorized disclosure of subscriber email addresses. It arises from a lack of authentication and authorization checks in an AJAX call within the Popup by Supsystic WordPress plugin in versions prior to 1.10.9. As a result, unauthenticated users could potentially exploit this weakness to gain access to sensitive user information. The issue stems from improper security controls over database requests executed by the plugin. This vulnerability highlights the need for proper input validation and access control mechanisms in web applications to prevent unauthorized data exposure. Patching such vulnerabilities is critical to maintaining the confidentiality of user information.
The technical details of this vulnerability involve an AJAX action in the WordPress plugin that does not require authentication or authorization. This endpoint can be accessed by any user, allowing a potential attacker to execute the 'getListForTbl' function. This action fetches a list containing email addresses of users subscribed to the site using the plugin. The vulnerable parameters in this scenario include the 'page' and 'action' fields in the AJAX request, which control the database query performed by the plugin. By manipulating these parameters, an attacker can effectively retrieve private user data without possessing any credentials.
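Site owners can check their web server logs for requests that name this action. The Python code below is an added example, not part of the scanner or the plugin: it assumes combined-format access logs, requests sent to WordPress's standard AJAX endpoint admin-ajax.php, and an 'action' parameter visible in the URL query string (parameters sent in a POST body are not recorded in such logs). The sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from a real site).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&page=constructed HTTP/1.1" 200 18342 "-" "curl/7.81.0"
203.0.113.7 - - [12/Mar/2022:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?page=constructed&action=%67etListForTbl HTTP/1.1" 200 18342 "-" "curl/7.81.0"
198.51.100.4 - - [12/Mar/2022:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2022:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl HTTP/1.1" 403 12 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2022:10:04:00 +0000] "GET /blog/?page=2 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Action name from the description above; compared case-insensitively
# as a conservative detection choice.
ACTION = "getlistfortbl"

def find_hits(log_text):
    """Return {client_ip: [(status, size), ...]} for AJAX requests naming the action."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs also undoes percent-encoding
        if ACTION in (v.lower() for v in params.get("action", [])):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((int(m["status"]), size))
    return dict(hits)

def served(hits):
    """Clients that got at least one 2xx answer, i.e. a list may have been returned."""
    return sorted(ip for ip, rs in hits.items() if any(200 <= s < 300 for s, _ in rs))

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for ip, responses in found.items():
        print(ip, responses)
    print("answered with 2xx:", served(found))
```

Clients listed by served() are the ones to follow up on sites that ran a plugin version prior to 1.10.9 during the logged period.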
When exploited, this vulnerability could lead to unauthorized disclosure of user email addresses, posing a significant risk of information leakage. This can potentially result in targeted phishing attacks, spam, or other malicious activities aimed at the exposed users. Furthermore, the vulnerability undermines user trust in the website and the plugin, which could lead to reputational damage for the affected site. It emphasizes the importance of adhering to security best practices in software development, especially regarding user data handling and access control.