Skip to content

Instantly share code, notes, and snippets.

@fs0c131y
Last active November 12, 2019 19:56
Show Gist options
  • Save fs0c131y/e47035f0493a2f558fccc172ada715ef to your computer and use it in GitHub Desktop.
Save fs0c131y/e47035f0493a2f558fccc172ada715ef to your computer and use it in GitHub Desktop.
CVEID: CVE-2019-14365
NAME OF AFFECTED PRODUCT(S) AND VERSION(S): Intercom plugin through 1.2.1 for WordPress
PROBLEM TYPE: Insecure Permissions
DESCRIPTION: The Intercom plugin for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.)
CVEID: CVE-2019-14366
NAME OF AFFECTED PRODUCT(S) AND VERSION(S): wpslacksync through 1.8.5 for WordPress
PROBLEM TYPE: Insecure Permissions
DESCRIPTION: The wpslacksync for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.)
CVEID: CVE-2019-14367
NAME OF AFFECTED PRODUCT(S) AND VERSION(S): Slack-chat plugin through 1.5.5 for WordPress
PROBLEM TYPE: Insecure Permissions
DESCRIPTION: The Slack-chat plugin through 1.5.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment