cleantalk
Vulnerabilities and Security Researches

Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer, CVE-2024-3602

CVE, Research URL

CVE-2024-3602

Home page URL

Security reports for Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer

Application

Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer

Published on
Jun 20, 2024
Research Description
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.
Affected versions
max 1.1.1.
Status
vulnerable
Previous vulnerability researches
Pretty Simple Popup Builder (CVE-2024-56298) , Jan 07, 2025
Pretty Simple Popup Builder (151dd12759a625ce194d0174ccb42453eeaa1d0a) , Jun 07, 2024
Pretty Simple Popup Builder (CVE-2024-39626) , Jul 27, 2024
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer (CVE-2024-3602) , Jun 21, 2024
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2024-9061) , Oct 17, 2024
New vulnerability
Image Optimizer by Elementor – Compress, Resize and Optimize Images (CVE-2026-25387) , Feb 27, 2026
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026