| |
Vulnerability CVE-2023-0772
Published: 2023-03-13
| Description: |
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. |
Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)
References: |
https://wpscan.com/vulnerability/28754886-b7b4-44f7-9042-b81c542d3c9c
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
