CVE-2019-17574

CRITICAL Year: 2019
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").

Related Vulnerabilities

CVE-2019-17382

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repor...

CWE-6392019

CVE-2019-19755

CRITICAL
CVSS:9.1(Critical)

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: a...

CWE-6392019

CVE-2021-32654

CRITICAL
CVSS:9.1(Critical)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. ...

CWE-6392021

CVE-2022-1165

CRITICAL
CVSS:9.1(Critical)

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be...

CWE-6392022

CVE-2022-36247

CRITICAL
CVSS:9.1(Critical)

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.

CWE-6392022

CVE-2022-38789

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object ...

CWE-6392022