CVE-2021-39341

8.2 HIGH

📋 TL;DR

The OptinMonster WordPress plugin, in versions up to and including 2.6.4, performs insufficient authorization validation on its REST API endpoints (the CVE description names the logged_in_or_has_api_key permission callback in OMAPI/RestApi.php). An attacker can reach the settings export and import endpoints without proper authentication, read sensitive plugin data including the site's OptinMonster API key, and change plugin settings. With the plugin installed on over 1 million websites at the time, the exposure is broad.

💻 Affected Systems

Products:
  • OptinMonster WordPress Plugin
Versions: All versions up to and including 2.6.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable OptinMonster versions are affected regardless of configuration.

📦 What is this software?

OptinMonster is a lead-generation plugin for WordPress: it embeds the opt-in forms, pop-ups and campaigns built in the OptinMonster cloud service into a site, and connects the site to that service with a per-site API key. The plugin exposes its own REST API namespace (/wp-json/omapp/v1/) for that integration, and it is the authorization check on those endpoints that this CVE concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker exports the plugin configuration (including the OptinMonster API key), pushes modified settings that inject attacker-controlled JavaScript into the pages where OptinMonster renders campaigns, and uses that script execution in an administrator's browser for full site takeover.

🟠 Likely Case: Unauthenticated requests to the plugin's REST endpoints read the plugin configuration and change OptinMonster settings, including injecting scripts into the site's pages.

🟢 If Mitigated: With the plugin deactivated or the /wp-json/omapp/v1/ namespace blocked at the WAF, the endpoints are unreachable and the cost is lost OptinMonster functionality until the update to 2.6.5 is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CVE description attributes the flaw to insufficient authorization validation in the logged_in_or_has_api_key permission callback (OMAPI/RestApi.php) that guards the plugin's REST endpoints; the check could be satisfied by an unauthenticated request, so no account on the target site is needed. Exploitation is a plain HTTP request to the affected /wp-json/omapp/v1/ endpoints, and the details are public in the security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 and later

Vendor Advisory: https://wordpress.org/plugins/optinmonster/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find OptinMonster and click "Update Now".
4. Verify the version is 2.6.5 or higher.

🔧 Temporary Workarounds

Disable OptinMonster Plugin (all platforms)

Deactivate the vulnerable plugin until it can be updated; an inactive plugin is not loaded, so its REST routes are not registered at all.

wp plugin deactivate optinmonster

Restrict API Access (all platforms)

Block requests to the plugin's REST namespace at the web application firewall or reverse proxy. Match both the pretty-permalink form (/wp-json/omapp/v1/) and the query-string form WordPress also serves (?rest_route=/omapp/v1/, possibly URL-encoded), otherwise the block is trivially bypassed. Expect OptinMonster features that rely on these endpoints to stop working while the block is in place.

🧯 If You Can't Patch

  • Deactivate the plugin, or block both forms of the /omapp/v1/ REST route at the WAF or reverse proxy (see the workarounds above)
  • Treat the site's OptinMonster API key as exposed and rotate it once the plugin has been updated
  • Log all requests under /wp-json/ and review them for access to the omapp namespace from clients you cannot account for

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel → Plugins → OptinMonster version, or run the WP-CLI command below. If the version is 2.6.4 or lower, the site is vulnerable.

Check Version:

wp plugin get optinmonster --field=version

Verify Fix Applied:

Verify OptinMonster plugin version is 2.6.5 or higher in WordPress admin panel.
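An added example (not the advisory's or OptinMonster's own code) that turns the version check above into a script: a pure-shell dotted-version comparison against the first fixed release, a conservative rule for pre-release suffixes, and a wrapper around the WP-CLI command. It assumes POSIX sh with tr(1); `wp` is only invoked by check_site, and the version strings in the demo are constructed.

```shell
#!/bin/sh
# Added example, not the advisory's or OptinMonster's own code: decide whether an
# OptinMonster version string is affected by CVE-2021-39341 (fixed in 2.6.5).
# Assumes POSIX sh plus tr(1); WP-CLI (`wp`) is only needed by check_site.

FIXED_VERSION="2.6.5"

# version_lt A B: exit 0 when dotted version A is numerically lower than B.
# Missing components count as 0 ("2.6" < "2.6.5"), extra ones are honoured
# ("2.6.4.1" < "2.6.5"), and comparison is numeric, not lexical ("2.10" > "2.6").
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        # keep digits only so a stray letter cannot break the -lt test
        x=$(printf '%s' "$x" | tr -cd '0-9'); y=$(printf '%s' "$y" | tr -cd '0-9')
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then return 0
        elif [ "$x" -gt "$y" ]; then return 1
        fi
    done
    return 1
}

# is_vulnerable VERSION: exit 0 when VERSION is 2.6.4 or older. A pre-release
# or build suffix (2.6.5-beta1, 2.6.5+build) is stripped for the comparison;
# a pre-release of the fixed version itself is treated as unpatched, on the
# assumption that only the released 2.6.5 is known to carry the fix.
is_vulnerable() {
    ver="${1%%[-+]*}"
    if version_lt "$ver" "$FIXED_VERSION"; then
        return 0
    fi
    if [ "$ver" != "$1" ] && ! version_lt "$FIXED_VERSION" "$ver"; then
        return 0
    fi
    return 1
}

# classify VERSION: prints "vulnerable" or "patched" for use in scripts.
classify() {
    if is_vulnerable "$1"; then echo vulnerable; else echo patched; fi
}

# check_site: read the installed version with WP-CLI (run from the WordPress
# root or add --path=/var/www/html) and report. Exit status: 0 patched,
# 1 vulnerable, 2 plugin not installed or wp failed.
check_site() {
    ver=$(wp plugin get optinmonster --field=version 2>/dev/null) || return 2
    if is_vulnerable "$ver"; then
        printf 'VULNERABLE: OptinMonster %s (update to %s or later)\n' "$ver" "$FIXED_VERSION"
        return 1
    fi
    printf 'OK: OptinMonster %s\n' "$ver"
}

if [ "${1:-}" = "--site" ]; then
    check_site
else
    # Demo over constructed version strings, not real sites.
    for v in 2.6.4 2.6.4.1 2.6 2.6.5-beta1 2.6.5 2.7.0 2.10.0; do
        printf '%-12s %s\n' "$v" "$(classify "$v")"
    done
fi
```

Run it with `--site` from the WordPress root (or with a `--path` argument added to the `wp` call) to check a real install; without arguments it prints the classification of the sample versions. The exit status of `--site` mode is meant for fleet scripts: 1 means the host still needs the update.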

📡 Detection & Monitoring

Log Indicators:

  • Requests (GET or POST) to /wp-json/omapp/v1/* or ?rest_route=/omapp/v1/* from clients that are not known administrators or the OptinMonster service; on an unpatched site a 2xx response to such a request indicates the authorization check was bypassed
  • Unexpected modifications to OptinMonster settings, in particular newly added scripts or campaigns

Network Indicators:

  • Calls to the OptinMonster REST endpoints from unfamiliar IPs, often with scripting user agents (curl, python-requests) rather than a browser

SIEM Query:

source="access.log" AND uri_path="/wp-json/omapp/v1/*" AND NOT src_ip IN (<known admin and OptinMonster service addresses>)

A role filter such as user_role!="administrator" only works on a WordPress-level audit log that records the acting user; web-server access logs carry no role, and because the flaw is exploitable without any account, restricting the query to POST or to non-admin roles would miss the interesting traffic. Extend the match to the rest_route query-string form as well.
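An added example (not from the advisory) that applies the log indicators above to a web-server access log in combined format, the form a SIEM usually ingests: it matches both the pretty path and the rest_route query-string form, summarises hits per client IP, and pulls out the requests the server accepted with 2xx. The log lines are constructed for the demo, the endpoint names under /wp-json/omapp/v1/ are illustrative, and it assumes POSIX sh with awk, sort and wc.

```shell
#!/bin/sh
# Added example, not from the advisory: apply the log indicators above to a
# web-server access log in combined format. The log lines are constructed for
# the demo and the endpoint names under /wp-json/omapp/v1/ are illustrative;
# point the functions at a real access.log. Assumes POSIX sh, awk, sort, wc.

OMAPP_PREFIX='/wp-json/omapp/v1/'

# scan_omapp LOG: print "ip method request status" for every request that
# reaches the plugin's REST namespace, either by pretty path or by the
# ?rest_route=/omapp/v1/... form WordPress also accepts (URL-encoded or not).
scan_omapp() {
    awk -v prefix="$OMAPP_PREFIX" '
        # combined format: ip - user [time] "METHOD request HTTP/x" status bytes ...
        {
            req = $7
            path = req; sub(/\?.*/, "", path)
            q = index(req, "?")
            query = q ? substr(req, q + 1) : ""
            gsub(/%2[fF]/, "/", query)
            if (index(path, prefix) == 1 || index(query, "rest_route=/omapp/v1/") > 0)
                print $1, substr($6, 2), req, $9
        }' "$1"
}

# omapp_by_ip LOG: "count ip" per client, most active first.
omapp_by_ip() {
    scan_omapp "$1" | awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# omapp_accepted LOG: matching requests the server answered with 2xx. On an
# unpatched site a 2xx to a client you cannot account for (the OptinMonster
# service, your own admins) is the strongest sign the authorization check was bypassed.
omapp_accepted() {
    scan_omapp "$1" | awk '$4 ~ /^2/'
}

# omapp_count LOG: total number of matching requests.
omapp_count() {
    scan_omapp "$1" | wc -l | tr -d ' '
}

# Constructed sample log (RFC 5737 documentation addresses, fictitious requests).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [20/Oct/2021:10:01:02 +0000] "GET /wp-json/omapp/v1/settings HTTP/1.1" 200 812 "-" "curl/7.79.1"
203.0.113.7 - - [20/Oct/2021:10:01:05 +0000] "POST /wp-json/omapp/v1/settings HTTP/1.1" 200 91 "-" "curl/7.79.1"
198.51.100.4 - - [20/Oct/2021:10:02:11 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
192.0.2.9 - - [20/Oct/2021:10:03:40 +0000] "GET /wp-json/omapp/v1/settings?x=1 HTTP/1.1" 401 63 "-" "python-requests/2.26.0"
198.51.100.4 - - [20/Oct/2021:10:04:02 +0000] "GET /index.php HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Oct/2021:10:05:13 +0000] "GET /index.php?rest_route=%2Fomapp%2Fv1%2Fsettings HTTP/1.1" 200 812 "-" "curl/7.79.1"
EOF

printf 'Requests into the omapp REST namespace: %s\n' "$(omapp_count "$SAMPLE_LOG")"
printf 'By source IP:\n'; omapp_by_ip "$SAMPLE_LOG"
printf 'Answered 2xx:\n'; omapp_accepted "$SAMPLE_LOG"
```

Note that the rest_route line would be missed by a query keyed only on the uri_path; the decoding step is what catches it. Replace `$SAMPLE_LOG` with the real log path and compare the 2xx list against the clients you expect.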

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-39341
  • Plugin page and changelog: https://wordpress.org/plugins/optinmonster/#developers