First published: Mon Oct 14 2019(Updated: )
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Popup Maker | <1.8.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in the Popup Maker plugin is CVE-2019-17574.
The severity of CVE-2019-17574 is critical with a CVSS score of 9.1.
An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods.
The affected software version is Popup Maker plugin before 1.8.13 for WordPress.
Yes, you can find more information on CVE-2019-17574 at the following references: [1] http://blog.redyops.com/wordpress-plugin-popup-maker/ [2] https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md [3] https://wpvulndb.com/vulnerabilities/9907