63 matches found
OptinMonster Plugin < 2.6.5 - Unprotected REST-API
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
EUVD-2016-1987
Malware in sbrugna...
EUVD-2024-31403
Malicious code in bioql PyPI...
EUVD-2024-32610
Malicious code in bioql PyPI...
CVE-2024-4045
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
CVE-2024-33691
Cross-Site Request Forgery CSRF vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3...
WordPress OptinMonster plugin <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin OptinMonster versions = 2.16.1...
WordPress OptinMonster Plugin <= 2.16.1 is vulnerable to Cross Site Scripting (XSS)
Software OptinMonster Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4045 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a0cc3f9ad807 Credits wesley wcraft Required...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting
Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...
CVE-2024-4045
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
CVE-2024-4045
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
CVE-2024-4045 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
CVE-2024-4045 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
WordPress plugin Popup Builder by OptinMonster 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.0 - Cross-Site Request Forgery to Notice Dismissal
Description The OptinMonster plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the validatepleaseconnectnoticedismiss function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can...
CVE-2024-33691
Cross-Site Request Forgery CSRF vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3...
CVE-2024-33691
CVE-2024-33691 is a Cross-Site Request Forgery (CSRF) vulnerability in the OptinMonster Popup Builder for WordPress (Plugin: Popup Builder by OptinMonster) tracked across multiple sources. Affected versions are listed as up to 2.15.3 (n/a through 2.15.3). The connected data describe exploitation ...
CVE-2024-33691 WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability
Cross-Site Request Forgery CSRF vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3...
WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability
Cross Site Request Forgery CSRF Notice Dismissal vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin OptinMonster versions = 2.15.3...