152 matches found
EUVD-2025-3411
Malicious code in bioql PyPI...
EUVD-2025-9873
Malicious code in bioql PyPI...
EUVD-2024-30248
Malicious code in bioql PyPI...
EUVD-2022-43257
Malicious code in bioql PyPI...
CVE-2024-32430
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...
CVE-2023-0233
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-3923
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs...
CVE-2021-24133
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account...
CVE-2025-32136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in activecampaign ActiveCampaign activecampaign-subscription-forms allows Stored XSS.This issue affects ActiveCampaign: from n/a through = 8.1.16...
CVE-2025-32136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in activecampaign ActiveCampaign activecampaign-subscription-forms allows Stored XSS.This issue affects ActiveCampaign: from n/a through = 8.1.16...
CVE-2025-32136 WordPress ActiveCampaign Plugin <= 8.1.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16...
CVE-2025-32136
CVE-2025-32136 describes a Stored XSS in the ActiveCampaign – Forms, Site Tracking plugin for WordPress, affecting ActiveCampaign plugin versions from n/a up to and including 8.1.16. The CVSS 3.1 base score is 5.9 (Medium); vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, with impact by conf...
CVE-2025-32136 WordPress ActiveCampaign Plugin <= 8.1.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in activecampaign ActiveCampaign activecampaign-subscription-forms allows Stored XSS.This issue affects ActiveCampaign: from n/a through = 8.1.16...
WordPress ActiveCampaign Plugin <= 8.1.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by b4orvn in WordPress Plugin ActiveCampaign versions = 8.1.16...
WordPress plugin ActiveCampaign 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
CVE-2025-23778
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through = 1.3.2...
CVE-2025-23778 WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through = 1.3.2...
WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin User Sync ActiveCampaign versions = 1.3.2...
WordPress plugin User Sync ActiveCampaign 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-5084 · Unknown · Pravin Durugkar User Sync Activecampaign
Name of the Vulnerable Software and Affected Versions: Pravin Durugkar User Sync ActiveCampaign versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: Fo...