Hardcoded Password Vulnerability in Slick-Popup Plugin for WordPress

Hardcoded Password Vulnerability in Slick-Popup Plugin for WordPress

CVE-2019-15867 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.

Learn more about our Wordpress Pen Testing.