PT-2026-23448 · WordPress · Wowoptin+1

Itthidej Aramsri

+1

·

Publicado

2026-03-05

·

Atualizado

2026-03-05

·

CVE-2026-1720

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress versions up to and including 1.4.24
Description The WowOptin plugin for WordPress is susceptible to unauthorized arbitrary plugin installation. This is due to a missing capability check within the install and active plugin function. Authenticated attackers possessing Subscriber-level access or higher can exploit this to install and activate plugins without authorization.
Recommendations Versions prior to and including 1.4.24 should be updated.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-1720

Produtos afetados

Wordpress
Wowoptin