An issue exists in the Popup Maker plugin prior to 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Vulnerable Product |
---|
code-atlantic popup maker |