Lucene search
K

5 matches found

NVD
NVD
added 2023/03/13 5:15 p.m.12 views

CVE-2023-0772

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.5CVSS6.5AI score0.00778EPSS
Exploits2References1
CVE
CVE
added 2023/03/13 4:3 p.m.67 views

CVE-2023-0772

Summary (concrete details): CVE-2023-0772 affects the WordPress plugin “Popup Builder by OptinMonster” (pre-2.12.2). The root cause is the plugin not verifying that a loaded campaign via shortcodes is actually a campaign, enabling any authenticated user with subscriber privileges to retrieve cont...

6.5CVSS6.7AI score0.00778EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/13 4:3 p.m.18 views

CVE-2023-0772 Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.7AI score0.00778EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/13 4:3 p.m.9 views

CVE-2023-0772 Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protecte...

6.5AI score0.00778EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/03/03 12:0 a.m.10 views

WordPress OptinMonster Plugin < 2.12.2 is vulnerable to Broken Access Control

Software OptinMonster Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0628b7efbdf5 Credits Erwan LR WPScan Required privileg...

6.5CVSS6.9AI score0.00778EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder