WordPress plugin bug impacts 1M sites, allows malicious redirects

Security News, October 2021

The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites.
OptinMonster is one of the most popular WordPress plugins used to create beautiful opt-in forms that help site owners convert visitors to subscribers/customers.
An attacker holding the API key could make changes to the OptinMonster accounts or even plant malicious JavaScript snippets on the site.
After the researcher's report reached the OptinMonster team, the developers of the popular WordPress plugin realized that the entire API needed revisiting.
You must install any OptinMonster updates that land on your WordPress dashboard over the following weeks, as these will likely address additional API flaws.
If you are a site owner, try to use the minimum number of plugins needed to cover the necessary functionality and usability, and apply plugin updates as soon as possible.