OptinMonster

Authenticated (Contributor+) Stored CrossSite Scripting vulnerability <= 2.16.1

Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability <= 2.15.3

Subscriber+ Arbitrary Post Content Disclosure vulnerability < 2.12.2

Unprotected RESTAPI to Sensitive Information Disclosure and Unauthorized API access vulnerability <= 2.6.4

Reflected CrossSite Scripting (XSS) vulnerability <= 2.6.0