Skip to content

Pricing
Knowledge base
Support

Pricing
Knowledge base
Support

> Get Pro <
Pricing
Knowledge base
Support
Account area

> Get Pro <
Pricing
Knowledge base
Support
Account area

Home » Vulnerabilities » Input validation vulnerability in CM Tooltip Glossary 4.2.11

Search

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Pricing
Knowledge base
Support

Pricing
Knowledge base
Support

Input validation vulnerability in CM Tooltip Glossary 4.2.11

CVE-2024-4086

Severity: medium-risk
Status: Open
Publication: April 24, 2024

A popular plugin for WordPress called “CM Tooltip Glossary” has a security issue that could allow unauthorized users to change its settings. This is because the plugin does not properly check for a special code when saving settings. This means that someone could trick a website administrator into clicking a link that would let them change or reset the plugin’s settings without permission.

Detected in:

CM Popup Plugin for WordPress – Popup Maker fixed vulnerable versions:

CM Tooltip Glossary – Empower your content with clarity and meaning fixed vulnerable versions:

CM Tooltip Glossary open vulnerable versions: >= * <= 4.2.11

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Your Email

Plugins

Really Simple Security
Complianz
SimplyBook.me

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

Pricing
Knowledge Base
Support
F.A.Q

Account
Become an Affiliate

About

About Us

Privacy Statement
Cookie Policy
Terms of Use
Coordinated Vulnerability Disclosure

Popular articles

Why WordPress is (in)secure
Always be ahead of vulnerabilities
Harden your website’s security
Login protection as essential security
Protect site visitors with Security Headers
Enable an efficient and performant firewall

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}