CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

WordPress FuseWP plugin <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Sync Rule Creation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FuseWP versions = 1.1.23.0...

EUVD-2025-37289

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975

CVE-2025-11975 affects the FuseWP WordPress plugin (WordPress User Sync to Email List & Marketing Automation). The root cause is a missing capability check in the save_changes() function, impacting all versions up to and including 1.1.23.0. This enables unauthorized modification of data, allowing...

WordPress FuseWP plugin <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation vulnerability

Cross-Site Request Forgery to Sync Rule Creation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FuseWP versions = 1.1.23.0...

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...