cleantalk
Vulnerabilities and Security Researches

Popup Maker – Popup for opt-ins, lead gen, & more, CVE-2019-17574

CVE, Research URL

CVE-2019-17574

Home page URL

Security reports for Popup Maker – Popup for opt-ins, lead gen, & more

Application

Popup Maker – Popup for opt-ins, lead gen, & more

Published on
Oct 14, 2019
Research Description
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
Affected versions
Min -, max 1.8.13.
Status
vulnerable
Previous vulnerability researches
Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More (CVE-2024-34770) , Jun 07, 2024
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2024-5561) , Sep 11, 2024
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2025-4205) , Jun 06, 2025
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2025-24746) , Jan 25, 2025
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2022-3690) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025