Slick Popup <= 1.7.1 - Privilege Escalation
Description
Authenticated users with the Subscriber role (the lowest default WordPress role) are able to create an administrator account whose username and password are hardcoded in the plugin.
Proof of Concept
The hardcoded username is "slickpopupteam" and its password is "OmakPass13#". Once the account has been created, anyone who knows these credentials can log in as an administrator.
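The advisory gives everything an incident responder needs to triage an install: the fixed version (1.7.2) and the hardcoded login ("slickpopupteam"). The following helper is an added example, not code from the plugin, Wordfence or WPScan. It assumes the plugin's main PHP file carries a standard WordPress plugin header with a "Version:" field and that the wp_users rows are supplied as dictionaries with "ID", "user_login", "user_registered" and "roles" keys (the sample header and user rows below are constructed). It flags an installed version below the fix and reports any account matching the hardcoded login, so the presence of that account can be treated as evidence the flaw was exercised rather than merely present.

```python
"""Triage helper for the Slick Popup <= 1.7.1 advisory (added example).

Not the plugin's code. Runs offline against constructed sample data;
replace SAMPLE_HEADER with the real plugin header and SAMPLE_USERS with
rows exported from wp_users/wp_usermeta to check a live site.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

FIXED_VERSION = "1.7.2"            # from the advisory
BACKDOOR_LOGIN = "slickpopupteam"  # hardcoded username from the advisory

# Constructed sample: a plugin header as found at the top of a plugin's
# main PHP file (the file name is not given by the advisory, so it is not
# assumed here).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Slick Popup
Description: Popup plugin (constructed sample header)
Version: 1.7.1
*/
"""

# Constructed sample: rows joined from wp_users and the role stored in
# wp_usermeta. Row 7 is the account the vulnerable plugin would create.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "admin", "user_registered": "2018-11-02 09:14:00",
     "roles": ["administrator"]},
    {"ID": 4, "user_login": "editor_jane", "user_registered": "2019-01-20 12:00:00",
     "roles": ["editor"]},
    {"ID": 6, "user_login": "newsubscriber", "user_registered": "2019-05-27 22:41:10",
     "roles": ["subscriber"]},
    {"ID": 7, "user_login": "SlickPopupTeam", "user_registered": "2019-05-27 22:43:55",
     "roles": ["administrator"]},
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.7.1' into (1, 7, 1); any non-numeric fragments are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed plugin version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def plugin_version_from_header(header_text: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def find_backdoor_accounts(users: Iterable[Dict]) -> List[Dict]:
    """Return user rows whose login matches the hardcoded username.

    The comparison is case-insensitive so a differently cased variant of
    the login is not missed.
    """
    return [u for u in users if u["user_login"].lower() == BACKDOOR_LOGIN]


def triage(header_text: str, users: Iterable[Dict]) -> Dict:
    """Combine the version check and the account scan into one verdict."""
    version = plugin_version_from_header(header_text)
    hits = find_backdoor_accounts(users)
    return {
        "installed_version": version,
        "vulnerable_version": bool(version) and is_vulnerable_version(version),
        "backdoor_accounts": [(u["ID"], u["user_login"], u["user_registered"]) for u in hits],
        "backdoor_admin_present": any("administrator" in u["roles"] for u in hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_HEADER, SAMPLE_USERS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

If the account is present, removing it and updating the plugin is not the end of the job: the account's user_registered timestamp bounds when the flaw was exploited, so other administrator accounts, plugin installs and content changes from that window should be reviewed as well.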

Affects Plugin

Fixed in version 1.7.2

References

URL https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/
URL https://plugins.trac.wordpress.org/changeset/2097862/slick-popup

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287 (Improper Authentication)

Miscellaneous

Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 3684
Verified No
WPVDB ID 9317

Timeline

Publicly Published 2019-05-28
Added 2019-05-29
Last Updated 2019-06-05
