Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.

N/A

N/A

WordPress Plugin OptinMonster 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin OptinMonster 2.12.2之前版本存在安全漏洞，该漏洞源于该插件不能确保通过某些短代码加载的campaign是一个campaign，攻击者利用该漏洞可以检索任意帖子的内容。

N/A

N/A