Description
The WordPress plugin "WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster" is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access sensitive information, make changes to any campaign associated with a site's connected OptinMonster account, or add malicious JavaScript. Version 2.6.4 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.6.5 or the latest version.
References
https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/
https://plugins.svn.wordpress.org/optinmonster/trunk/readme.txt