RSS   Vulnerabilities for 'Optinmonster'   RSS

2021-11-01
 
CVE-2021-39341

CWE-285
 

 
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

 
2019-09-20
 
CVE-2016-10996

CWE-863
 

 
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

 


Copyright 2024, cxsecurity.com

 

Back to Top