Vulnerabilities > CVE-2021-39325 - Unspecified vulnerability in Optinmonster
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2595758%40optinmonster&new=2595758%40optinmonster&sfp_email=&sfph_mail=#file2
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2595758%40optinmonster&new=2595758%40optinmonster&sfp_email=&sfph_mail=#file2
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39325
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39325