CVE-2019-15867

Name of the Vulnerable Software and Affected Versions slick-popup plugin versions prior to 1.7.2

Description The issue concerns a hardcoded password, specifically OmakPass13#, for the slickpopupteam account in the slick-popup plugin. This password can be accessed after a Subscriber initiates a certain AJAX action.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action that exposes the hardcoded password until the update is applied.