Description

WordPress Plugin WP Intercom-Slack for WordPress is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin WP Intercom-Slack for WordPress version 1.2.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://gist.githubusercontent.com/fs0c131y/e47035f0493a2f558fccc172ada715ef/raw/36b2b20c8edea167641e5c7b32b34fa7736f38ad/CVE-2019-14365

Related Vulnerabilities

WordPress Plugin IGIT Posts Slider Widget TimThumb Arbitrary File Upload (1.1)

WordPress Plugin Accordion Shortcodes Cross-Site Scripting (2.4.2)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Vulnerabilities (2.0.15)

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)

Severity

High

Classification

CVE-2019-14365 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Information Disclosure