CVE-2016-10996

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Optinmonster
Vendor: CVE Published:; 20 September 2019

Summary

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

References

https://wordpress.org/plugins/optinmonster/#developers

x_refsource_MISC

http://www.pritect.net/blog/optinmonster-1-1-4-6-security...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2019
Vulnerability Reserved
Sep 20, 2019

.