CVE-2019-17574
Published 2019-10-14
CVE-2019-17574: An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action…
Priority: P1 · 79 · critical · 9.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.23% (94.7th percentile)
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code-atlantic | popup_maker | < 1.8.13 | 1.8.13 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated GET requests to the system info tab endpoint via the pum_action parameter.
- Detect unauthenticated POST requests invoking the popup_sysinfo action via the popmake_action parameter.
- Confirm exploitation by checking the response body for the 'Popup Maker Configuration' and 'Webserver Configuration' strings, which indicate system info disclosure.
- Identify vulnerable WordPress installations by fingerprinting the popup-maker plugin path in HTML responses.
- The vulnerability affects Popup Maker plugin versions before 1.8.13; the template title references 1.8.12 as the fix version, but NVD states the fix is in 1.8.13.
- The attacker can only *partially* control the do_action arguments, which limits which popmake_/pum_ methods can be invoked.
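A log-triage sketch for the detection notes above, added here as an example and not taken from the plugin or from any of the cited sources. It assumes a reverse proxy or WAF that writes one JSON object per request with the hypothetical fields client, method, uri, body, cookie and response_body; the sample records are constructed, and the pum_action value in them is a placeholder.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Parameter names and response markers come from the detection notes above.
ACTION_PARAMS = ("pum_action", "popmake_action")
DISCLOSURE_MARKERS = ("Popup Maker Configuration", "Webserver Configuration")
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"  # cookie WordPress sets after login

def classify(rec):
    """Return None, 'attempt' or 'disclosure' for one parsed request record."""
    params = parse_qs(urlsplit(rec.get("uri") or "").query, keep_blank_values=True)
    if rec.get("method") == "POST":  # form-encoded body, if the proxy logged it
        params.update(parse_qs(rec.get("body") or "", keep_blank_values=True))
    if not any(p in params for p in ACTION_PARAMS):
        return None
    cookies = (rec.get("cookie") or "").split(";")
    if any(c.strip().startswith(AUTH_COOKIE_PREFIX) for c in cookies):
        return None  # logged-in use of the plugin's tools page is expected
    body = rec.get("response_body") or ""
    return "disclosure" if all(m in body for m in DISCLOSURE_MARKERS) else "attempt"

def scan(lines):
    """Return (verdict, client, method, uri) for each suspicious JSON log line."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON
        verdict = classify(rec) if isinstance(rec, dict) else None
        if verdict:
            hits.append((verdict, rec.get("client"), rec.get("method"), rec.get("uri")))
    return hits

# Constructed sample records in the assumed schema; PLACEHOLDER is not a real value.
SAMPLE = [
    json.dumps({"client": "192.0.2.10", "method": "GET", "uri": "/?pum_action=PLACEHOLDER",
                "response_body": "Popup Maker Configuration\nWebserver Configuration"}),
    json.dumps({"client": "198.51.100.7", "method": "POST", "uri": "/",
                "body": "popmake_action=popup_sysinfo", "response_body": ""}),
    json.dumps({"client": "203.0.113.5", "method": "GET",
                "uri": "/wp-admin/edit.php?pum_action=PLACEHOLDER",
                "cookie": "wordpress_logged_in_0123=constructed"}),
    json.dumps({"client": "192.0.2.44", "method": "GET", "uri": "/about/"}),
    "not a json line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The cookie check only shows that a login cookie was sent, not that it was valid, so treat that branch as a noise filter rather than proof of authentication.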
CVSS provenance
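| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| vulncheck | | 9.1 | CRITICAL | |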
GHSA
GHSA-4hv6-wvv9-jh2f: An issue was discovered in the Popup Maker plugin before 1
ghsa_unreviewed · 2022-05-24
CVE-2019-17574 [CRITICAL] CWE-639 GHSA-4hv6-wvv9-jh2f: An issue was discovered in the Popup Maker plugin before 1
VulnCheck
code-atlantic popup_maker Authorization Bypass Through User-Controlled Key
vulncheck · 2019 · CVSS 9.1
CVE-2019-17574 [CRITICAL] code-atlantic popup_maker Authorization Bypass Through User-Controlled Key
Affected: code-atlantic popup_maker
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger; https://www.cloudsek.com/blog/botnet-loader-as-a-s
No detection rules found.
Nuclei
Popup-Maker < 1.8.12 - Broken Authentication
nuclei · CVSS 9.1
CVE-2019-17574 [CRITICAL] Popup-Maker < 1.8.12 - Broken Authentication
Template:

```yaml
id: CVE-2019-17574

info:
  name: Popup-Maker < 1.8.12 - Broken Authentication
  author: DhiyaneshDK
  severity: critical
  description: |
    An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system
```

References:
- http://blog.redyops.com/wordpress-plugin-popup-maker/
- https://github.com/PopupMaker/Popup-Maker/blob/master/CHANGELOG.md
- https://wpvulndb.com/vulnerabilities/9907
Published: 2019-10-14 · Exploited in the wild