WordPress · Optinmonster · CVE-2021-39325
Name of the Vulnerable Software and Affected Versions:
OptinMonster WordPress plugin versions up to and including 2.6.0
Description:
The plugin is vulnerable to reflected cross-site scripting (XSS) due to insufficient input validation in the `load_previews` function found in the `~/OMAPI/Output.php` file. This allows attackers to inject arbitrary web scripts.
Recommendations:
If you are running any version up to and including 2.6.0, update to a version higher than 2.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the `load_previews` function in the `~/OMAPI/Output.php` file until a patch is available.