CVE-2019-17574

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2019-10-14 14:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-17574

Mitre link : CVE-2019-17574

CVE.ORG link : CVE-2019-17574


JSON object : View

Products Affected

code-atlantic

  • popup_maker
CWE
CWE-639

Authorization Bypass Through User-Controlled Key