CVE-2022-0424

MEDIUM NUCLEI

The Popup by Supsystic WordPress <1.10.9 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0424. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional PoC for CVE-2022-0424, an unauthenticated information disclosure vulnerability in the Popup by Supsystic WordPress plugin. The exploit demonstrates how to retrieve email addresses of subscribed users via an unauthenticated AJAX call.

Description

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2022/CVE-2022-0424.md

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Popup by Supsystic WordPress plugin before 1.10.9
No auth needed
Prerequisites: WordPress site with vulnerable Popup by Supsystic plugin installed
devstral-2 · analyzed Feb 27, 2026

Nuclei Templates (1)

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
MEDIUM · VERIFIED · by s4e-io
Shodan: http.html:/wp-content/plugins/popup-by-supsystic
FOFA: body=/wp-content/plugins/popup-by-supsystic

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f

Scores

CVSS v3: 5.3
EPSS: 0.0269
EPSS Percentile: 83.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-306
Status: published
Products (1): supsystic/popup < 1.10.9
Published: May 09, 2022
Tracked Since: Feb 18, 2026