Filtered by vendor Optinmonster
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39341 | 1 Optinmonster | 1 Optinmonster | 2021-11-03 | 6.4 MEDIUM | 8.2 HIGH |
| The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. | |||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | |||||
| CVE-2016-10996 | 1 Optinmonster | 1 Optinmonster | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | |||||