Browse all 4 CVE security advisories affecting optinlyhq. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OptinlyHQ develops lead generation and email collection tools for websites, primarily serving digital marketers and businesses. Historically, their products have been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to improper input validation and insecure deserialization. The company has addressed four CVEs to date, with vulnerabilities often stemming from insufficient sanitization of user-supplied data and misconfigured access controls. While no major public security incidents have been documented, the recurring nature of these flaws suggests a need for enhanced security testing protocols. Their codebase remains under scrutiny as organizations increasingly prioritize secure implementation of marketing automation tools.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-6782 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm() | GoZen Forms | CWE-89 | 7.5 | High | 2025-07-04 |
| CVE-2025-6783 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() | GoZen Forms | CWE-89 | 7.5 | High | 2025-07-04 |
| CVE-2024-37220 | WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability | Optinly | CWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2022-41134 | WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) | Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms | CWE-352 | 5.4 | Medium | 2023-02-13 |
This page lists every published CVE security advisory associated with optinlyhq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.