
CVE-2021-39341 Scanner
CVE-2021-39341 Scanner - Information Disclosure vulnerability in OptinMonster Plugin
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 11 hours
Scan only one: Domain, Subdomain, IPv4
OptinMonster is a popular WordPress plugin for lead generation. Site administrators and marketers use it to build opt-in forms and pop-ups that grow subscriber lists and raise conversions, and it integrates directly with common email marketing platforms so campaigns can be managed from one place. Its ease of use and highly customizable targeting settings have made it a widely deployed plugin across many industries worldwide, which also means a flaw in it exposes a large number of sites at once.
CVE-2021-39341 is an authorization flaw in the plugin's REST API. The function logged_in_or_has_api_key in ~/OMAPI/RestApi.php is meant to gate the plugin's REST routes, but it does not adequately restrict who may call them, so unauthenticated requests can read sensitive site information and change plugin settings. Since the plugin renders configurable content into the site's pages, the same access can be used to inject malicious web scripts. The issue affects all versions up to and including OptinMonster 2.6.4; sites should update to 2.6.5 or later and review the plugin's settings for unauthorized changes. Given how widely the plugin is deployed, the flaw put a large number of WordPress sites at risk.
Technically, the weakness is that logged_in_or_has_api_key, which the plugin's REST routes rely on for their permission check, does not correctly verify that the caller is an authenticated, authorized user. Crafted requests that satisfy the check without real credentials can therefore reach the API's read and update operations. Two consequences follow: exposure of plugin settings and the ability to change them, which is the path to script injection, and disclosure of environment details such as the PHP version and server information, which an attacker can use for reconnaissance and to tailor follow-on attacks. The root cause is a design error in the API's authorization logic rather than a single leaky endpoint, so every route that trusts this check is affected.
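The check below is an added example, not the scanner's own code and not code from the OptinMonster plugin. It shows the two things a scanner for this class of flaw needs: a version comparison against the advisory's bound (2.6.4 and earlier) and a verdict on whether a REST route answered an unauthenticated request with PHP/server details instead of WordPress's standard rest_forbidden refusal. The response shape, the field names and the sample bodies are constructed for illustration; the `fetch` callable is injected so the module runs offline.

```python
# Added example (not the scanner's or the plugin's code): offline check for a
# WordPress REST route that serves PHP/server details to an unauthenticated
# caller. Sample bodies and field names below are constructed, not captured.
import json
import re
from typing import Any, Callable, Dict, Tuple

# Version bound stated in the advisory: affected up to and including 2.6.4.
AFFECTED_MAX = (2, 6, 4)

# Key names that, in an unauthenticated response, carry the reconnaissance data
# the advisory mentions (PHP version, server info).
SENSITIVE_KEY = re.compile(r"php|server", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.6.4' (or '2.6.4.1') into a comparable tuple of its first three numbers."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def version_affected(version: str) -> bool:
    """True when the installed plugin version falls inside the advisory's range."""
    return parse_version(version) <= AFFECTED_MAX


def find_disclosures(body: Any, path: str = "") -> Dict[str, str]:
    """Walk a decoded JSON body and collect string values under PHP/server-named keys."""
    found: Dict[str, str] = {}
    if isinstance(body, dict):
        for key, value in body.items():
            here = f"{path}.{key}" if path else str(key)
            if isinstance(value, (dict, list)):
                found.update(find_disclosures(value, here))
            elif isinstance(value, str) and value and SENSITIVE_KEY.search(str(key)):
                found[here] = value
    elif isinstance(body, list):
        for index, value in enumerate(body):
            found.update(find_disclosures(value, f"{path}[{index}]"))
    return found


def assess_response(status: int, body_text: str) -> Dict[str, Any]:
    """Decide whether an unauthenticated request was wrongly served.

    A correctly guarded WordPress REST route refuses with HTTP 401/403 and the
    error code 'rest_forbidden'; any other answer that carries PHP/server
    details is treated as the information disclosure the advisory describes.
    """
    try:
        body = json.loads(body_text)
    except ValueError:
        return {"vulnerable": False, "reason": "non-JSON response", "disclosed": {}}
    refused = status in (401, 403) or (
        isinstance(body, dict) and body.get("code") == "rest_forbidden"
    )
    if refused:
        return {"vulnerable": False, "reason": "route refused the request", "disclosed": {}}
    disclosed = find_disclosures(body)
    return {
        "vulnerable": bool(disclosed),
        "reason": "server details returned without authentication" if disclosed else "no sensitive fields",
        "disclosed": disclosed,
    }


def scan(version: str, fetch: Callable[[], Tuple[int, str]]) -> Dict[str, Any]:
    """Combine the version check with a probe of the REST route.

    `fetch` returns (HTTP status, response body) for a request sent with no
    cookies and no API key; injecting it keeps the check runnable offline.
    """
    status, body_text = fetch()
    result = assess_response(status, body_text)
    result["version_affected"] = version_affected(version)
    return result


# Constructed sample bodies (not captured from a real site).
VULNERABLE_SAMPLE = json.dumps({
    "site": {"url": "https://example.test", "plugin_version": "2.6.4"},
    "system": {"php_version": "7.4.3", "server_info": "Apache/2.4.41 (Ubuntu)"},
})
PATCHED_SAMPLE = json.dumps({
    "code": "rest_forbidden",
    "message": "Sorry, you are not allowed to do that.",
    "data": {"status": 401},
})

if __name__ == "__main__":
    print(scan("2.6.4", lambda: (200, VULNERABLE_SAMPLE)))
    print(scan("2.6.5", lambda: (401, PATCHED_SAMPLE)))
```

For a live probe, `fetch` would wrap a plain `urllib.request` call to the target's REST route with no Cookie header and no API key; the important part is that the request carries nothing that could legitimately satisfy a permission check, so any environment details in the reply are the finding, not a false positive from a logged-in session.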
Successful exploitation gives an attacker sensitive site information and the ability to make unapproved settings changes that alter how the site behaves. Injected scripts are served to every visitor, enabling data theft, malware distribution and hijacking of administrator sessions, which can end in a full site takeover. Defacement or degraded performance damages user trust and, for commercial sites, revenue. The compromised site can also serve as a foothold for persistence and further attacks against the hosting environment.