cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4045,https://securityvulnerability.io/vulnerability/CVE-2024-4045,Stored Cross-Site Scripting Vulnerability in OptinMonster's Popup Builder,"The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Popup Builder By Optinmonster – WordPress Popups For Optins, Email Newsletters And Lead Generation",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-25T05:36:43.663Z,0
CVE-2023-0772,https://securityvulnerability.io/vulnerability/CVE-2023-0772,Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure,"The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.",Wordpress,Popup Builder by OptinMonster,6.5,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-03-13T17:15:00.000Z,0
CVE-2021-39341,https://securityvulnerability.io/vulnerability/CVE-2021-39341,OptinMonster <= 2.6.4 Unprotected REST-API Endpoints,"The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.",Wordpress,Optinmonster,8.2,HIGH,0.0027000000700354576,false,,false,false,false,,false,false,2021-11-01T00:00:00.000Z,0
CVE-2021-39325,https://securityvulnerability.io/vulnerability/CVE-2021-39325,OptinMonster <= 2.6.0 Reflected Cross-Site Scripting,"The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.",Wordpress,Optinmonster,6.1,MEDIUM,0.0008999999845400453,false,,false,false,false,,false,false,2021-09-20T00:00:00.000Z,0
CVE-2016-10996,https://securityvulnerability.io/vulnerability/CVE-2016-10996,,The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.,Wordpress,Optinmonster,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,false,false,2019-09-20T14:07:07.000Z,0