7 matches found
EUVD-2026-36908
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
CVE-2026-9691
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability
Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...
CVE-2024-12158
CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...