Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Optinmonster Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0772 1 Optinmonster 1 Optinmonster 2023-03-16 N/A 6.5 MEDIUM
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.
CVE-2021-39341 1 Optinmonster 1 Optinmonster 2022-08-05 6.4 MEDIUM 8.2 HIGH
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
CVE-2021-39325 1 Optinmonster 1 Optinmonster 2021-09-28 4.3 MEDIUM 6.1 MEDIUM
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
CVE-2016-10996 1 Optinmonster 1 Optinmonster 2019-09-20 5.0 MEDIUM 5.3 MEDIUM
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.