CVE-2023-47308

Name of the Vulnerable Software and Affected Versions Newsletter Popup PRO with Voucher/Coupon code versions prior to 2.6.1

Description The issue allows a guest to perform SQL injection. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription() contains sensitive SQL calls that can be exploited with a trivial HTTP call.

Recommendations For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription() method until a patch is applied.