VYPR

Optinmonster

by WordPress

CVEs (5)

  • CVE-2021-39341HigNov 1, 2021
    risk 0.55cvss 8.2epss 0.23

    The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious…

  • CVE-2021-39325MedSep 20, 2021
    risk 0.40cvss 6.1epss 0.01

    The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.

  • CVE-2024-4045MedMay 25, 2024
    risk 0.35cvss 6.4epss 0.00

    The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input…

  • CVE-2016-10996MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.01

    The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

  • CVE-2024-33691MedApr 26, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3.