Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
optinmonster optinmonster vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-0772
The Popup Builder by OptinMonster WordPress plugin prior to 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or eve...
Optinmonster Optinmonster
5.3
CVSSv3
CVE-2016-10996
The optinmonster plugin prior to 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.
Optinmonster Optinmonster
6.1
CVSSv3
CVE-2021-39325
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including ...
Optinmonster Optinmonster
8.2
CVSSv3
CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious we...
Optinmonster Optinmonster
NA
CVE-2024-33691
Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a up to and including 2.15.3.
6.4
CVSSv3
CVE-2024-4045
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started