The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-20T02:08:19.025Z

Updated: 2024-08-01T20:12:08.142Z

Reserved: 2024-04-10T16:22:09.131Z

Link: CVE-2024-3602

cve-icon Vulnrichment

Updated: 2024-08-01T20:12:08.142Z

cve-icon NVD

Status : Modified

Published: 2024-06-20T02:15:10.590

Modified: 2024-11-21T09:29:57.953

Link: CVE-2024-3602

cve-icon Redhat

No data.