Browse all 4 CVE security advisories affecting OptinlyHQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OptinlyHQ develops lead generation and email collection tools for websites, primarily serving digital marketers and businesses. Historically, their products have been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to improper input validation and insecure deserialization. The company has addressed four CVEs to date, with vulnerabilities often stemming from insufficient sanitization of user-supplied data and misconfigured access controls. While no major public security incidents have been documented, the recurring nature of these flaws suggests a need for enhanced security testing protocols. Their codebase remains under scrutiny as organizations increasingly prioritize secure implementation of marketing automation tools.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37220 | WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability (Optinly, CWE-862) | 5.3 | Medium | 2024-11-01 |

This page lists every published CVE security advisory associated with OptinlyHQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.