CVE-2019-17574
CVE-2019-17574
Vexday Risk Score
40Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 9.3%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
14 Oct 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Affected products
n/a · n/a