5 matches found
CVE-2023-0772
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...
CVE-2023-0772
Summary (concrete details): CVE-2023-0772 affects the WordPress plugin “Popup Builder by OptinMonster” (pre-2.12.2). The root cause is the plugin not verifying that a loaded campaign via shortcodes is actually a campaign, enabling any authenticated user with subscriber privileges to retrieve cont...
CVE-2023-0772 Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...
CVE-2023-0772 Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...
WordPress OptinMonster Plugin < 2.12.2 is vulnerable to Broken Access Control
Software OptinMonster Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0628b7efbdf5 Credits Erwan LR WPScan Required privileg...