152 matches found
WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability
Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...
CVE-2024-12157
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12158
CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
ActiveCampaign < 8.1.15 - Authenticated (Administrator+) Server-Side Request Forgery
Description The ActiveCampaign – Forms, Site Tracking, Live Chat plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.1.14 via the api3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web...
CVE-2024-32430
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...
CVE-2024-32430
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...
CVE-2024-32430 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...
CVE-2024-32430
CVE-2024-32430 is a Server-Side Request Forgery (SSRF) vulnerability in the ActiveCampaign WordPress plugin (ActiveCampaign – Forms, Site Tracking, Live Chat) affecting versions up to 8.1.14. The CVSS metrics indicate a critical impact (CVSS 3.1: 9.8) with network access, no user interaction, and...
CVE-2024-32430 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...
WordPress Plugin ActiveCampaign 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-24560 · Activecampaign · Activecampaign
Name of the Vulnerable Software and Affected Versions: ActiveCampaign versions n/a through 8.1.14 Description: The issue is a Server-Side Request Forgery SSRF vulnerability. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to...
WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin ActiveCampaign versions = 8.1.14...
WordPress ActiveCampaign Plugin <= 8.1.14 is vulnerable to Server Side Request Forgery (SSRF)
Software ActiveCampaign Type Plugin Vulnerable versions = 8.1.14 Fixed in 8.1.15 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32430 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 8ad18b5a9350 Credits Yuche...
WordPress ActiveCampaign Email Preference Center Plugin < 2.0.12 is vulnerable to Cross Site Scripting (XSS)
Software ActiveCampaign Email Preference Center Type Plugin Vulnerable versions 2.0.12 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ae883cf0c33 Credits Rafie...
activecampaign.com Cross Site Scripting vulnerability OBB-3352310
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-0233
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0233
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...