Access control in menu page

Added a capability check (current_user_can) before registering OptinMonster admin menu pages, preventing users without the required capability from accessing or registering the menu pages. This hardens admin access control and avoids exposing admin screens to unauthorized users.

This vulnerability affects the following application versions:

  • Popup Builder by OptinMonster 2.5.2
  • Popup Builder by OptinMonster 2.5.3
  • Popup Builder by OptinMonster 2.6.2
  • Popup Builder by OptinMonster 2.6.3
  • Popup Builder by OptinMonster 2.6.4
  • Popup Builder by OptinMonster 2.6.5
  • Popup Builder by OptinMonster 2.6.6
  • Popup Builder by OptinMonster 2.6.7
  • Popup Builder by OptinMonster 2.6.8
  • Popup Builder by OptinMonster 2.6.9
  • Popup Builder by OptinMonster 2.6.10
  • Popup Builder by OptinMonster 2.6.11
  • Popup Builder by OptinMonster 2.6.12
  • Popup Builder by OptinMonster 2.7.0
  • Popup Builder by OptinMonster 2.8.0
  • Popup Builder by OptinMonster 2.8.1
  • Popup Builder by OptinMonster 2.9.0
  • Popup Builder by OptinMonster 2.10.0
  • Popup Builder by OptinMonster 2.11.0
  • Popup Builder by OptinMonster 2.11.1
  • Popup Builder by OptinMonster 2.11.2
  • Popup Builder by OptinMonster 2.12.0
  • Popup Builder by OptinMonster 2.12.1
  • Popup Builder by OptinMonster 2.13.0
  • Popup Builder by OptinMonster 2.13.1
  • Popup Builder by OptinMonster 2.13.2
  • Popup Builder by OptinMonster 2.13.3
  • Popup Builder by OptinMonster 2.13.4
  • Popup Builder by OptinMonster 2.13.5
  • Popup Builder by OptinMonster 2.13.6
  • Popup Builder by OptinMonster 2.13.7
  • Popup Builder by OptinMonster 2.13.8
  • Popup Builder by OptinMonster 2.14.0
  • Popup Builder by OptinMonster 2.14.1
  • Popup Builder by OptinMonster 2.15.0
  • Popup Builder by OptinMonster 2.15.1
  • Popup Builder by OptinMonster 2.15.2
  • Popup Builder by OptinMonster 2.15.3
  • Popup Builder by OptinMonster 2.16.0
  • Popup Builder by OptinMonster 2.16.1
  • Popup Builder by OptinMonster 2.16.2
  • Popup Builder by OptinMonster 2.16.3
  • Popup Builder by OptinMonster 2.16.4
  • Popup Builder by OptinMonster 2.16.5
  • Popup Builder by OptinMonster 2.16.6
  • Popup Builder by OptinMonster 2.16.7

XSS in debug GET request.

In the Omapi debug module, the GET request used to show the output dialog is not sanitized, which can lead to XSS.

This vulnerability affects the following application versions:

  • Popup Builder by OptinMonster 2.6.2
  • Popup Builder by OptinMonster 2.6.3
  • Popup Builder by OptinMonster 2.6.4
  • Popup Builder by OptinMonster 2.6.5
  • Popup Builder by OptinMonster 2.6.6
  • Popup Builder by OptinMonster 2.6.7
  • Popup Builder by OptinMonster 2.6.8
  • Popup Builder by OptinMonster 2.6.9
  • Popup Builder by OptinMonster 2.6.10
  • Popup Builder by OptinMonster 2.6.11
  • Popup Builder by OptinMonster 2.6.12
  • Popup Builder by OptinMonster 2.7.0
  • Popup Builder by OptinMonster 2.8.0
  • Popup Builder by OptinMonster 2.8.1
  • Popup Builder by OptinMonster 2.9.0
  • Popup Builder by OptinMonster 2.10.0
  • Popup Builder by OptinMonster 2.11.0
  • Popup Builder by OptinMonster 2.11.1
  • Popup Builder by OptinMonster 2.11.2
  • Popup Builder by OptinMonster 2.12.0
  • Popup Builder by OptinMonster 2.12.1
  • Popup Builder by OptinMonster 2.13.0
  • Popup Builder by OptinMonster 2.13.1
  • Popup Builder by OptinMonster 2.13.2
  • Popup Builder by OptinMonster 2.13.3
  • Popup Builder by OptinMonster 2.13.4
  • Popup Builder by OptinMonster 2.13.5
  • Popup Builder by OptinMonster 2.13.6
  • Popup Builder by OptinMonster 2.13.7
  • Popup Builder by OptinMonster 2.13.8
  • Popup Builder by OptinMonster 2.14.0
  • Popup Builder by OptinMonster 2.14.1
  • Popup Builder by OptinMonster 2.15.0
  • Popup Builder by OptinMonster 2.15.1
  • Popup Builder by OptinMonster 2.15.2
  • Popup Builder by OptinMonster 2.15.3
  • Popup Builder by OptinMonster 2.16.0
  • Popup Builder by OptinMonster 2.16.1
  • Popup Builder by OptinMonster 2.16.2

Improved security check for dismiss pointer

The dismiss WP pointer request doesn't have a nonce, so it cannot be correctly validated.

This vulnerability affects the following application versions:

  • Popup Builder by OptinMonster 2.5.2
  • Popup Builder by OptinMonster 2.5.3
  • Popup Builder by OptinMonster 2.6.2
  • Popup Builder by OptinMonster 2.6.3
  • Popup Builder by OptinMonster 2.6.4
  • Popup Builder by OptinMonster 2.6.5
  • Popup Builder by OptinMonster 2.6.6
  • Popup Builder by OptinMonster 2.6.7
  • Popup Builder by OptinMonster 2.6.8
  • Popup Builder by OptinMonster 2.6.9
  • Popup Builder by OptinMonster 2.6.10
  • Popup Builder by OptinMonster 2.6.11
  • Popup Builder by OptinMonster 2.6.12
  • Popup Builder by OptinMonster 2.7.0
  • Popup Builder by OptinMonster 2.8.0
  • Popup Builder by OptinMonster 2.8.1
  • Popup Builder by OptinMonster 2.9.0
  • Popup Builder by OptinMonster 2.10.0
  • Popup Builder by OptinMonster 2.11.0
  • Popup Builder by OptinMonster 2.11.1
  • Popup Builder by OptinMonster 2.11.2
  • Popup Builder by OptinMonster 2.12.0
  • Popup Builder by OptinMonster 2.12.1
  • Popup Builder by OptinMonster 2.13.0
  • Popup Builder by OptinMonster 2.13.1
  • Popup Builder by OptinMonster 2.13.2
  • Popup Builder by OptinMonster 2.13.3
  • Popup Builder by OptinMonster 2.13.4
  • Popup Builder by OptinMonster 2.13.5
  • Popup Builder by OptinMonster 2.13.6
  • Popup Builder by OptinMonster 2.13.7
  • Popup Builder by OptinMonster 2.13.8
  • Popup Builder by OptinMonster 2.14.0
  • Popup Builder by OptinMonster 2.14.1
  • Popup Builder by OptinMonster 2.15.0
  • Popup Builder by OptinMonster 2.15.1
  • Popup Builder by OptinMonster 2.15.2
  • Popup Builder by OptinMonster 2.15.3