CVE-2021-39341
published 2021-11-01


Priority: P1 (79), severity: high
CVSS 3.1 base score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 23.27% (97.5th percentile)
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation in the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file, which can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

Affected (2 ranges)

Vendor        Product       Version range   Fixed in
optinmonster  optinmonster  <= 2.6.4
optinmonster  optinmonster  2.6.4 – 2.6.4

Detection & IOCs (extracted from sources)

URL:  /wp-json/omapp/v1/support
Path: ~/OMAPI/RestApi.php
  • Send an OPTIONS request (with X-HTTP-Method-Override: GET) to /wp-json/omapp/v1/support and check the response body for 'PHP Version', 'OptinMonster', '"functions.php"' and 'Server Info'; all four present confirms that the unprotected REST API endpoint is exposed.
  • Response body match (all four strings must be present at the same time): 'PHP Version', 'OptinMonster', '"functions.php"', 'Server Info'. This indicates disclosure of sensitive server and plugin configuration via the unprotected endpoint.
  • The Referer header 'https://wp.app.optinmonster.test' is used in the exploit request to bypass the logged_in_or_has_api_key authorization check on the REST API endpoint.
  • The vulnerable function is logged_in_or_has_api_key in OMAPI/RestApi.php. Audit WordPress sites for plugin versions <= 2.6.4 and monitor REST API access logs for unauthenticated requests to /wp-json/omapp/ routes.
  • The exploit requires only a single unauthenticated HTTP request (max-request: 1) with an X-HTTP-Method-Override header, making it trivially scriptable at scale against any WordPress site running OptinMonster <= 2.6.4.
  • The vulnerability affects all OptinMonster WordPress plugin versions up to and including 2.6.4; version 2.6.5 contains the fix.
  • An EPSS score of 0.44317 (97.564th percentile) indicates a very high likelihood of exploitation in the wild; prioritize patching accordingly.
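As an added defensive example (not from this record's sources), the following Python script applies the log-monitoring advice above to web-server access logs in the common "combined" format: it flags requests to /wp-json/omapp/ routes that use the OPTIONS method, carry the known exploit Referer, or target the /v1/support endpoint. The log lines are constructed samples, and the indicator names are this example's own.

```python
import re

# Constructed sample access-log lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Nov/2021:10:15:01 +0000] "OPTIONS /wp-json/omapp/v1/support HTTP/1.1" 200 5120 "https://wp.app.optinmonster.test" "curl/7.79.1"
198.51.100.3 - - [02/Nov/2021:10:15:09 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 8231 "-" "Mozilla/5.0"
192.0.2.44 - - [02/Nov/2021:10:16:22 +0000] "GET /wp-json/omapp/v1/support HTTP/1.1" 403 120 "-" "Mozilla/5.0"
192.0.2.45 - - [02/Nov/2021:10:17:30 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 300 "https://example.org/wp-admin/" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

OMAPP_PREFIX = "/wp-json/omapp/"          # plugin's REST namespace from the advisory
SUPPORT_ROUTE = OMAPP_PREFIX + "v1/support" # endpoint named in the detection notes
EXPLOIT_REFERER = "wp.app.optinmonster.test"  # Referer value quoted in the detection notes


def classify(entry):
    """Return the indicator names matched by one parsed log entry (empty list if benign)."""
    reasons = []
    path = entry["path"].split("?", 1)[0].rstrip("/")
    if not path.startswith(OMAPP_PREFIX):
        return reasons  # only the plugin's REST routes are of interest
    if entry["method"] == "OPTIONS":
        reasons.append("options-to-omapp-route")   # OPTIONS to a REST route is unusual for real clients
    if EXPLOIT_REFERER in entry["referer"]:
        reasons.append("exploit-referer")
    if path == SUPPORT_ROUTE:
        reasons.append("support-endpoint-request")  # worth review regardless of status code
    return reasons


def scan_log(text):
    """Parse combined-format lines; return one hit (ip, path, status, reasons) per flagged line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        reasons = classify(m.groupdict())
        if reasons:
            hits.append({"ip": m["ip"], "path": m["path"], "status": m["status"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```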

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     8.2    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
nvd        v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:P/I:P/A:N
vulncheck           8.2    HIGH