Lucene search
K

152 matches found

Patchstack
Patchstack
added 2025/01/07 7:14 a.m.8 views

WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability

Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...

5.3CVSS7AI score0.00329EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.10 views

CVE-2024-12157

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00977EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.6 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

5.3CVSS6.8AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2025/01/07 4:22 a.m.47 views

CVE-2024-12158

CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...

5.3CVSS5.2AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.20 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

5.3CVSS0.00329EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.16 views

ActiveCampaign < 8.1.15 - Authenticated (Administrator+) Server-Side Request Forgery

Description The ActiveCampaign – Forms, Site Tracking, Live Chat plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.1.14 via the api3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web...

9.8CVSS6.5AI score0.00351EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/15 8:15 a.m.24 views

CVE-2024-32430

Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...

9.8CVSS4.8AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2024/04/15 8:15 a.m.6 views

CVE-2024-32430

Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...

9.8CVSS5.8AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/15 7:14 a.m.16 views

CVE-2024-32430 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...

4.4CVSS7AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2024/04/15 7:14 a.m.78 views

CVE-2024-32430

CVE-2024-32430 is a Server-Side Request Forgery (SSRF) vulnerability in the ActiveCampaign WordPress plugin (ActiveCampaign – Forms, Site Tracking, Live Chat) affecting versions up to 8.1.14. The CVSS metrics indicate a critical impact (CVSS 3.1: 9.8) with network access, no user interaction, and...

9.8CVSS5.1AI score0.00351EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/15 7:14 a.m.31 views

CVE-2024-32430 WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14...

4.4CVSS5.1AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

WordPress Plugin ActiveCampaign 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

9.8CVSS6.7AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.10 views

PT-2024-24560 · Activecampaign · Activecampaign

Name of the Vulnerable Software and Affected Versions: ActiveCampaign versions n/a through 8.1.14 Description: The issue is a Server-Side Request Forgery SSRF vulnerability. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/04/12 3:9 p.m.6 views

WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin ActiveCampaign versions = 8.1.14...

9.8CVSS7AI score0.00351EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.14 views

WordPress ActiveCampaign Plugin <= 8.1.14 is vulnerable to Server Side Request Forgery (SSRF)

Software ActiveCampaign Type Plugin Vulnerable versions = 8.1.14 Fixed in 8.1.15 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32430 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 8ad18b5a9350 Credits Yuche...

9.8CVSS6.6AI score0.00351EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress ActiveCampaign Email Preference Center Plugin < 2.0.12 is vulnerable to Cross Site Scripting (XSS)

Software ActiveCampaign Email Preference Center Type Plugin Vulnerable versions 2.0.12 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ae883cf0c33 Credits Rafie...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Openbugbounty
Openbugbounty
added 2023/05/18 10:23 a.m.6 views

activecampaign.com Cross Site Scripting vulnerability OBB-3352310

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2023/05/15 1:15 p.m.28 views

CVE-2023-0233

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00462EPSS
Exploits2References1
OSV
OSV
added 2023/05/15 1:15 p.m.5 views

CVE-2023-0233

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS7.3AI score0.00462EPSS
Exploits2References1
Prion
Prion
added 2023/05/15 1:15 p.m.20 views

Cross site scripting

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.3AI score0.00462EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder