Vulnerabilities > Optinmonster > Optinmonster > 2.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-13 | CVE-2023-0772 | Unspecified vulnerability in Optinmonster The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. | 6.5 |
2021-11-01 | CVE-2021-39341 | Incorrect Authorization vulnerability in Optinmonster The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. | 6.4 |