1,000,000 WordPress Websites Affected by OptinMonster Vulnerabilities


The main flaw, tracked as CVE-2021-39341, was found on September 28 by researcher Chloe Chamberland, and a fix was made available on October 7 in version 2.6.5 of the plugin.

The Wordfence Threat Intelligence team recently found several vulnerabilities in OptinMonster, a popular WordPress plugin that is currently installed on more than 1,000,000 WordPress websites.

In other words, these vulnerabilities permit unauthorized API access to sensitive data on more than a million sites on the platform.

The vulnerabilities identified in OptinMonster allow an attacker to export sensitive data, add malicious JavaScript to vulnerable WordPress websites, and perform numerous other actions remotely.

The flaw profile below lists the key details:

Flaw profile

CVE ID: CVE-2021-39341
Affected Plugin: OptinMonster
Description: Unprotected REST-API to Sensitive Information Disclosure and Unauthorized app.optinmonster.com API Access
Plugin Slug: optinmonster
CVSS Score: 7.2 (High)
Impacted Versions: <