@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)

@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

EUVD-2025-37289

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

EUVD-2025-35919

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976

CVE-2025-11976 concerns FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) for WordPress. According to connected sources, the vulnerability is a Cross-Site Forgery (CSRF) due to missing or incorrect nonce validation in the save_cha...

PT-2025-43723

Name of the Vulnerable Software and Affected Versions FuseWP – WordPress User Sync to Email List & Marketing Automation plugin versions prior to 1.1.23.0 Description The FuseWP plugin for WordPress is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate nonce...