S4E

CVE-2019-17574 Scanner

Detects the 'Broken Authentication' vulnerability in the Popup-Maker plugin for WordPress, which affects versions before 1.8.13.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4
Toolbox: -

The Popup Maker plugin for WordPress is a popular tool used to easily create custom popups, modals, and opt-in forms on a website. It is utilized by businesses and individuals alike to improve their online user experience, capture leads, and increase conversions. With Popup Maker, users can easily customize the appearance, timing, and trigger conditions of their popups to fit the needs of their specific website.

However, the plugin was recently found to have a vulnerability, tracked as CVE-2019-17574. It allows an unauthenticated attacker to partially control the arguments of the do_action function and so invoke specific popmake_ or pum_ methods. The attacker can use this to control the content and delivery of popmake-system-info.txt, also known as the "support debug text file". Essentially, an attacker could manipulate this file to execute malicious code on the website and potentially compromise user data.

When this vulnerability is exploited, it can lead to serious consequences for website owners and users. An attacker could potentially gain unauthorized access to sensitive information, steal personal data, or cause other malicious damage to the website. The overall user experience of the website may also suffer as a result, leading to brand damage and loss of credibility.
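A local check an asset owner can run alongside a scan, given here as an added example that is not part of the original page or of the S4E scanner: it reads the Version line from a WordPress plugin header and compares it numerically with 1.8.13, the first fixed release named above. The sample headers are constructed, and the plugin's main file is assumed to be wp-content/plugins/popup-maker/popup-maker.php.

```python
import re

FIXED = (1, 8, 13)  # first fixed Popup Maker release, per the page

# "Version:" line of a WordPress plugin header comment
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(text):
    """Return (numeric tuple, has_suffix) for '1.8.12' or '1.8.13-beta1'."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (len(FIXED) - len(nums))  # '1.8' compares as 1.8.0
    return tuple(nums), bool(m.group(2))


def check_plugin_header(php_source):
    """Classify a plugin file as 'vulnerable', 'patched' or 'unknown'."""
    m = HEADER_RE.search(php_source)
    if not m:
        return "unknown", None
    raw = m.group(1)
    try:
        version, has_suffix = parse_version(raw)
    except ValueError:
        return "unknown", raw
    if version < FIXED:
        return "vulnerable", raw
    if version == FIXED and has_suffix:
        return "unknown", raw  # pre-release of the fixed version: verify by hand
    return "patched", raw


def header(version):
    """Constructed sample header, not copied from the plugin."""
    return f"<?php\n/**\n * Plugin Name: Popup Maker\n * Version: {version}\n */\n"


if __name__ == "__main__":
    for v in ("1.8.12", "1.8.13", "1.8.13-beta1", "1.10.0"):
        print(v, check_plugin_header(header(v)))
```

The comparison is numeric per component, so 1.10.0 is correctly treated as newer than 1.8.13, which a plain string comparison would get wrong.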

It's important to stay aware of potential vulnerabilities in any digital assets, including WordPress plugins like Popup Maker. Thanks to the pro features of the s4e.io platform, readers can quickly and easily scan their websites for vulnerabilities and take action to ensure their online security. Protecting your digital assets is essential for ensuring a safe and positive user experience for your audience.

 
