Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerability in OptinMonster
Alerts

Vulnerability in OptinMonster

28 October 2021

The developers of OptinMonster, a WordPress plugin, have released a security update to address a vulnerability (CVE-2021-39341), which may allow an unauthenticated attacker to export sensitive information and add malicious JavaScript to WordPress sites.

The vulnerability affects OptinMonster versions 2.6.1 and earlier. 

Users and administrators of the affected versions are advised to upgrade to the latest version immediately. 

More information is available here:
https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/
https://therecord.media/wordpress-plugin-bug-lets-attackers-inject-code-into-vulnerable-sites/