ThreatPress

WordPress Vulnerabilities Database

WordPress OptinMonster Plugin <= 1.1.4.5 - Execution of Arbitrary Shortcodes

Product
OptinMonster
Description
Because of this vulnerability, unauthenticated users can execute arbitrary WordPress shortcodes via a simple HTTP GET request.
Solution
Update the plugin.
Classification
Type: BYPASS
OWASP Top 10: A2: Broken Authentication and Session Management
References
Pritect
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.1.4.5
Fixed In: 1.1.4.6
Disclosure date
2016-03-22
Submitter
ThreatPress