On September 28, the main defect is tracked as CVE-2021-39341, which was found by scientist Chloe Chamberland, and a fix was made offered on October 7 in version 2.6.5 of the plugin.
Several vulnerabilities were found just recently by the Wordfence Danger Intelligence team in OptinMonster, its a popular WordPress plugin that is currently set up on more than 1,000,000 WordPress Websites.
In other words, these multiple vulnerabilities permit unauthorized API access to delicate data on more than a million sites on the platform.
While here below we have pointed out the flaw profile with all the crucial details:-.
CVE ID: CVE-2021-39341.
Affected Plugin: OptinMonster.
Description: Unprotected REST-API to Sensitive Information Disclosure and Unauthorized app.optinmonster.com API gain access to.
Plugin Slug: optinmonster.
CVSS Score: 7.2 (High).
Impacted Versions: <