WordPress Plugin Vulnerabilities

WP Intercom Slack <= 1.2.2 - Slack Access Token Disclosure

Description

The Intercom plugin through 1.2.2 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

Affects Plugins

Plugin icon
wp-intercom-slack
No known fix

References

CVE
CVE-2019-14365

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
fs0c131y
Verified
No
WPVDB ID
5cec0600-9b6d-47d7-9af5-1a126a5e9a8e

Timeline

Publicly Published
2019-11-12 (about 6 years ago)
Added
2021-02-23 (about 5 years ago)
Last Updated
2021-02-24 (about 5 years ago)

Other

Published
Title
Published
2025-12-29
Title
PopupKit < 2.2.1 - Authenticated (Subscriber+) Information Exposure
Published
2024-03-28
Title
Wholesale For WooCommerce < 2.3.1 - Unauthenticated Information Exposure
Published
2026-04-21
Title
Table Manager <= 1.0.0 - Authenticated (Contributor+) Sensitive Information Exposure via 'table' Shortcode Attribute
Published
2023-02-27
Title
Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure
Published
2025-12-26
Title
Booking Ultra Pro <= 1.1.23 - Authenticated (Subscriber+) Information Exposure