Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High1
Medium3
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-07-16

CVE-2024-4045 - Optinmonster Plugin

The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Optinmonster

CVE-2024-4045

MEDIUM CVSS 6.4 2024-05-25
Open Full Technical Breakdown
Threat Entry Updated 2025-02-27

CVE-2023-0772 - Optinmonster Plugin

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.

PLUGIN Optinmonster

CVE-2023-0772

MEDIUM CVSS 6.5 2023-03-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-39341 - Optinmonster Plugin

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

PLUGIN Optinmonster

CVE-2021-39341

HIGH CVSS 8.2 2021-11-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-39325 - Optinmonster Plugin

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.

PLUGIN Optinmonster

CVE-2021-39325

MEDIUM CVSS 6.1 2021-09-20
Open Full Technical Breakdown
Scroll to top