Vulnerability in OptinMonster

Published on 28 Oct 2021

Updated on 28 Oct 2021

The developers of OptinMonster, a WordPress plugin, have released a security update to address a vulnerability (CVE-2021-39341), which may allow an unauthenticated attacker to export sensitive information and add malicious JavaScript to WordPress sites.

 

The vulnerability affects OptinMonster versions 2.6.1 and earlier. 

 

Users and administrators of the affected versions are advised to upgrade to the latest version immediately. 

 

More information is available here:
https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/

https://therecord.media/wordpress-plugin-bug-lets-attackers-inject-code-into-vulnerable-sites/