Description
WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access sensitive information, make changes to any campaign associated with a site's connected OptinMonster account, or add malicious JavaScript. Version 2.6.4 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.6.5 or the latest version.
References
https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/
https://plugins.svn.wordpress.org/optinmonster/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Floating Cart for WooCommerce Security Bypass (1.2.2)
WordPress Plugin Auto Attachments TimThumb Arbitrary File Upload (0.3)
WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)
WordPress Plugin WP-Spreadplugin Cross-Site Scripting (3.8.6)