WordPress Plugin OptinMonster Popups on 500 thousand sites allows unauthenticated users to admin backend

Update: upon further review we reaffirm our post, but make the following annotation; the severity of this issue maybe less then originally thought. We are continuing our evaluation and we will post our findings.
update: We completed our review of the code in the screenshot of this post and while we identified variables that would lead to severe vulnerabilities, we have not been able to find use of the vulnerable variables, however the classes are still vulnerable and need to be updated. The severity of this particular problem is low.

The WordPress plugin Optinmonster API has left over 500 thousand sites vulnerable to a security flaw. Thankfully we have a fix you can buy for this one vulnerability.

During our code review we discovered that the admin area is protected by a WordPress function called is_admin, which is a misunderstood function, that allows admins and unauthenticated users alike to access the information in optinmonster API. What does this mean to you, the user? It means that you can access the admin features, but so can criminals.

What does optinmonster protect using is_admin? At first glance it is just one line of code, so how bad could that actually be? It turns out that one line of code as you can tell is calling almost all of the rest of the code in the application.

optin monster api vulnerable

Yes, the one line of code load_admin, loads everything that should be administrator only, but instead is accessible for all.

 

 

As you can tell above, the administrator menu, admin actions, reviews the admin has access to, the welcome page, the site content and the ability to save content among other things are  accessible to anyone or any bot who logs onto the site. This is a severe vulnerability leaving the admin side of your site vulnerable, so we have written a patch for this one vulnerability in the WordPress plugin Optinmonster, also known as Optinmonster API. You  can buy the more secure version of the WordPress optinmonster plugin on our site. We may patch more vulnerabilities in this plugin, but we can say that our version of WordPress plugin optinmonster is currently more secure then what is available and we can continue to update it to be more secure.

 

We provide updates for any plugin with over 500 thousand users for premium customers, all they have to do is ask us tell us what plugins they’re using that are popular and we will check the security of them.

Don’t miss out on our security tips!

We don’t spam! Read our privacy policy for more info.