Optinmonster - Optinmonster CVE

Filtered by vendor Optinmonster Subscribe

Filtered by product Optinmonster

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-39341	1 Optinmonster	1 Optinmonster	2021-11-03	6.4 MEDIUM	8.2 HIGH
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

Vulnerabilities (CVE)