Lucene search
+L

4 matches found

Nuclei
Nuclei
added yesterday66 views

OptinMonster Plugin < 2.6.5 - Unprotected REST-API

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

8.2CVSS7AI score0.2327EPSS
Exploits1References3
CVE
CVE
added 2021/11/01 9:1 p.m.103 views

CVE-2021-39341

The CVE-2021-39341 issue affects the OptinMonster WordPress plugin (versions up to 2.6.4) due to insufficient authorization validation in the REST API implemented in OMAPI/RestApi.php, leading to sensitive information disclosure and unauthorized setting updates via unprotected REST-API endpoints....

8.2CVSS7.8AI score0.2327EPSS
Exploits1References3Affected Software1
Malwarebytes
Malwarebytes
added 2021/10/29 2:35 p.m.105 views

Update your OptinMonster WordPress plugin immediately

WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is a WordPress plugin? Like most blogging platforms, WordPress allows you to change up its default functionality. This is done by adding bits of kit called...

6.4CVSS8.3AI score0.2327EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2021/10/27 2:2 p.m.126 views

1,000,000 Sites Affected by OptinMonster Vulnerabilities

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in...

6.4CVSS8.6AI score0.2327EPSS
Exploits1
Rows per page
Query Builder