An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
References
Link | Resource |
---|---|
http://blog.redyops.com/wordpress-plugin-popup-maker/ | Exploit Third Party Advisory |
https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md | Release Notes |
https://wpvulndb.com/vulnerabilities/9907 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-14T13:55:36
Updated: 2019-10-14T18:06:21
Reserved: 2019-10-14T00:00:00
Link: CVE-2019-17574
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-14T14:15:10.197
Modified: 2019-10-18T14:35:36.840
Link: CVE-2019-17574
JSON object: View
Redhat Information
No data.
CWE