Vulnerabilities and security researches forpromolayer-popup-builder promolayer-popup-builder

Jun 21, 2024

CVE, Research URL: CVE-2024-3602
Home page URL: Security reports for Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer
Application: Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer
Date: Jun 20, 2024
Research Description: The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.
Affected versions: max 1.1.1.
Status: vulnerable