Description
WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access sensitive information and make changes to any campaign associated with a site's connected OptinMonster account, or add malicious JavaScript. WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster version 2.6.4 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.6.5 or the latest version.
References
https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/
https://plugins.svn.wordpress.org/optinmonster/trunk/readme.txt