The Popup by Supsystic WordPress plugin prior to 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated malicious users to call it and get the email addresses of subscribed users
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
supsystic popup |