Incorrect Access Control for Shortcodes in OptinMonster Plugin for WordPress (Version 1.1.4.6) Due to Nonce Leak

Incorrect Access Control for Shortcodes in OptinMonster Plugin for WordPress (Version 1.1.4.6) Due to Nonce Leak

CVE-2016-10996 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

Learn more about our Wordpress Pen Testing.