4 matches found
OptinMonster Plugin < 2.6.5 - Unprotected REST-API
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...
CVE-2021-39341
The CVE-2021-39341 issue affects the OptinMonster WordPress plugin (versions up to 2.6.4) due to insufficient authorization validation in the REST API implemented in OMAPI/RestApi.php, leading to sensitive information disclosure and unauthorized setting updates via unprotected REST-API endpoints....
Update your OptinMonster WordPress plugin immediately
WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is a WordPress plugin? Like most blogging platforms, WordPress allows you to change up its default functionality. This is done by adding bits of kit called...
1,000,000 Sites Affected by OptinMonster Vulnerabilities
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in...