An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
References
Link | Resource |
---|---|
http://blog.redyops.com/wordpress-plugin-popup-maker/ | Exploit Third Party Advisory |
https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md | Release Notes |
https://wpvulndb.com/vulnerabilities/9907 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-10-14 14:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-17574
Mitre link : CVE-2019-17574
CVE.ORG link : CVE-2019-17574
JSON object : View
Products Affected
code-atlantic
- popup_maker
CWE
CWE-639
Authorization Bypass Through User-Controlled Key