CVE-2024-4045
- EPSS 0.18%
- Published 25.05.2024 06:15:08
- Last modified 16.07.2025 15:56:08
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to i...
CVE-2024-33691
- EPSS 0.16%
- Published 26.04.2024 13:15:47
- Last modified 21.11.2024 09:17:24
Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster. This issue affects OptinMonster: from n/a through 2.15.3.
CVE-2023-0772
- EPSS 0.44%
- Published 13.03.2023 17:15:12
- Last modified 27.02.2025 22:15:35
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts...
CVE-2021-39341
- EPSS 44.32%
- Published 01.11.2021 21:15:07
- Last modified 21.11.2024 06:19:16
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used ...
CVE-2021-39325
- EPSS 0.19%
- Published 20.09.2021 20:15:11
- Last modified 21.11.2024 06:19:14
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versi...
CVE-2016-10996
- EPSS 0.16%
- Published 20.09.2019 15:15:12
- Last modified 21.11.2024 02:45:15
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.