← back
CVE-2019-17574

CVE-2019-17574

EPSS 9.3%◆ VulnCheck KEV
Vexday Risk Score
40Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 9.3%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
14 Oct 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Affected products
n/a · n/a