WordPress Plugin Vulnerabilities

OptinMonster <= 1.1.4.5 - Execution of Arbitrary Shortcodes

Description

Unauthenticated users are able to execute arbitrary WordPress shortcodes via a simple HTTP GET request. While the command is protected by a nonce, the nonce is leaked on every page load.

Affects Plugins

Plugin icon
optinmonster
Fixed in 1.1.4.6

References

CVE
CVE-2016-10996
URL
https://www.pritect.net/blog/optinmonster-1-1-4-6-security-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
5.3 (medium)

Miscellaneous

Submitter
James Golovich
Submitter website
http://pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
ece6b16d-c34e-4a61-9965-bd2d2966f183

Timeline

Publicly Published
2016-03-22 (about 10 years ago)
Added
2016-03-22 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-12-12
Title
JAY Login & Register < 2.5.01 - Authentication Bypass via Cookie
Published
2023-01-27
Title
ContentStudio < 1.2.6 - Authorisation Bypass
Published
2024-06-19
Title
Lifeline Donation <= 1.2.6 - Authentication Bypass
Published
2021-12-08
Title
Registration Magic < 5.0.1.8 - Authentication Bypass
Published
2015-03-19
Title
All-in-One WP Migration < 2.0.5 - Unauthenticated Database Export