2 matches found
CVE-2026-8848
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...
Shipt: Api Token Leaked in [shoppers.shipt.com]
A researcher reported an API key stored in source code that was part of a 3rd party knowledge base integration. The Shipt information security team immediately investigated the report and determined that the API key referenced was a legacy token that was no longer being used. While it didn't...