High severity8.2NVD Advisory· Published Nov 1, 2021· Updated Jun 17, 2026
CVE-2021-39341
CVE-2021-39341
Description
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2.6.4
Patches
Vulnerability mechanics
References
3- www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/nvdExploitThird Party Advisory
- plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.phpnvdThird Party Advisory
- wordfence.com/vulnerability-advisories/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.