PT-2024-28296 · WordPress · The Popup Box – Best Wordpress Popup Plugin

Krzysztof Zając · Published 2024-05-02 · Updated 2024-05-02 · CVE-2024-3897

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Popup Box – Best WordPress Popup Plugin versions prior to 4.3.7

Description

The issue allows unauthorized access to data due to a missing capability check on the ays_pb_create_author AJAX action. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.

Recommendations

For versions up to and including 4.3.6, update to a version newer than 4.3.6 to resolve the issue. As a temporary workaround, consider restricting access to the ays_pb_create_author AJAX action until a patch is available.
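
One way to apply the temporary workaround is a must-use plugin that puts a capability check in front of the action. This is an added example, not the vendor's patch or code from the plugin. It assumes the action is registered under the hook name ays_pb_create_author at the default priority, and that manage_options is the right capability for sites where only administrators configure popups; the pb_guard_* names are hypothetical.

```php
<?php
/**
 * Added example: wp-content/mu-plugins/pb-guard.php
 * Temporary guard for the ays_pb_create_author AJAX action until the
 * plugin is updated. Not the vendor's fix.
 */

// Assumption: only administrators need this action. Adjust if other
// roles legitimately manage popups on your site.
const PB_GUARD_CAPABILITY = 'manage_options';

/**
 * Reject the request before the plugin's own handler runs.
 * wp_send_json_error() sends the response and terminates the request.
 */
function pb_guard_deny() {
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Leave a trace in the PHP error log so blocked attempts can be reviewed.
    error_log( sprintf( '[pb-guard] blocked ays_pb_create_author from %s', $remote ) );
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

/**
 * Logged-in path: allow only users holding the assumed capability.
 */
function pb_guard_check() {
    if ( ! current_user_can( PB_GUARD_CAPABILITY ) ) {
        pb_guard_deny();
    }
}

// Priority 0 runs ahead of handlers registered at the default priority (10).
// admin-ajax.php fires wp_ajax_{action} for logged-in users and
// wp_ajax_nopriv_{action} for everyone else, so both hooks are covered.
add_action( 'wp_ajax_ays_pb_create_author', 'pb_guard_check', 0 );
add_action( 'wp_ajax_nopriv_ays_pb_create_author', 'pb_guard_deny', 0 );
```

Remove the file once the plugin has been updated to a fixed version.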

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-3897

Affected Products

The Popup Box – Best Wordpress Popup Plugin