Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-17574

EPSS 86.89% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-17574

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress Popup Maker插件安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Popup Maker是使用在其中的一个弹出窗口插件。 WordPress Popup Maker插件1.8.13之前版本中存在安全漏洞。攻击者可利用该漏洞检索有关WordPress插件、Webserver配置、PHP配置等信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-17574

#POC DescriptionSource LinkShenlong Link
1An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file"). https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-17574.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-17574

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-10-14 · 37 CVEs total

CVE-2019-17539FFmpeg 代码问题漏洞
CVE-2019-17579SonarSource SonarQube 跨站脚本漏洞
CVE-2019-9745CloudCTI HIP Integrator Recognition Configuration Tool 安全漏洞
CVE-2019-17575WBCE CMS 代码注入漏洞
CVE-2019-16344Sensorweb ScadaBR 跨站脚本漏洞
CVE-2019-17552idreamsoft iCMS SQL注入漏洞
CVE-2019-17553MetInfo SQL注入漏洞
CVE-2019-17408ZZZCMS zzzphp 输入验证错误漏洞
CVE-2019-17501Centreon 操作系统命令注入漏洞
CVE-2019-17511D-Link DIR-412 授权问题漏洞
CVE-2019-17540ImageMagick Studio ImageMagick 缓冲区错误漏洞
CVE-2019-17542FFmpeg 输入验证错误漏洞
CVE-2019-17543LZ4 缓冲区错误漏洞
CVE-2019-17544GNU Aspell 缓冲区错误漏洞
CVE-2019-17545GDAL 资源管理错误漏洞
CVE-2019-17547ImageMagick Studio ImageMagick 资源管理错误漏洞
CVE-2019-17546Silicon Graphics LibTIFF 输入验证错误漏洞
CVE-2019-17541ImageMagick Studio ImageMagick 资源管理错误漏洞
CVE-2019-17044BMC Software Patrol Agent 安全漏洞
CVE-2019-17595ncurses 缓冲区错误漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-17574

No comments yet

Leave a comment