WowOptin: Incorrect Access Control for WPXPO Exposes Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

WowOptin: Incorrect Access Control for WPXPO Exposes Sensitive Data

CVE-2026-39700

Summary

The WowOptin plugin for WordPress has a security issue that could allow unauthorized access to sensitive data. This affects versions of the plugin installed on WordPress websites. To fix this, update the plugin to version 1.4.33 or later.

Original title

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.

Original description

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/optin/vulnerability/wordpress-w...

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026