WordPress Plugin Vulnerabilities

Slick Popup <= 1.7.1 - Privilege Escalation

Description

Subscriber users are able to create an administrator account with hardcoded login credentials.

Proof of Concept

Affects Plugins

Plugin icon
slick-popup
Fixed in 1.7.2

References

CVE
CVE-2019-15867
URL
https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/
URL
https://plugins.trac.wordpress.org/changeset/2097862/slick-popup

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.8 (high)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7cba1df1-a3ce-412d-bb24-7cb533d3a9be

Timeline

Publicly Published
2019-05-28 (about 6 years ago)
Added
2019-05-29 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2016-05-06
Title
safe-editor <= 1.1 - Unauthenticated CSS/JS-injection
Published
2025-07-11
Title
Simple Link Directory < 14.8.1 - Authentication Bypass
Published
2020-02-19
Title
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
Published
2025-02-28
Title
Academist Membership < 1.2 - Authentication Bypass
Published
2025-02-11
Title
Customer Email Verification for WooCommerce < 2.9.6 - Authentication Bypass via Shortcode