15 matches found
CVE-2026-39700
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...
CVE-2026-39700 WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...
CVE-2026-39700 WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...
CVE-2026-39700
The CVE CVE-2026-39700 affects the WPXPO WowOptin plugin for WordPress, with versions up to and including 1.4.32 vulnerable to a Missing Authorization issue due to incorrectly configured access control security levels. The root cause is an access control weakness that allows exploit without authe...
CVE-2026-4302
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permissioncallback of returntrue that...
CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permissioncallback of returntrue that...
CVE-2026-4302
The WowOptin: Next-Gen Popup Maker plugin for WordPress is affected by Server-Side Request Forgery (SSRF) in versions up to and including 1.4.29. The vulnerability stems from a publicly accessible REST API endpoint (optn/v1/integration-action) that uses a permissive permission_callback (__return_...
CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permissioncallback of returntrue that...
WordPress plugin WowOptin: Next-Gen Popup Maker 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26795
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permission callback of return true that...
CVE-2026-1720
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
EUVD-2026-9819
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
CVE-2026-1720
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
PT-2026-23448
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install and active plugin' function in all versions up to, and including, 1.4.24...