Vulnerabilities > CVE-2019-17574 - Authorization Bypass Through User-Controlled Key vulnerability in Code-Atlantic Popup Maker
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://blog.redyops.com/wordpress-plugin-popup-maker/
- http://blog.redyops.com/wordpress-plugin-popup-maker/
- https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md
- https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md
- https://wpvulndb.com/vulnerabilities/9907
- https://wpvulndb.com/vulnerabilities/9907