CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

Campaign Monitor for WordPress - Information Disclosure

Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled displayerrors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires displayerrors to be...

5.3CVSS5.8AI score0.00849EPSS

Exploits0References3

RedhatCVE•added 2026/01/10 5:41 a.m.•1 views

CVE-2026-0674

Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1...

4.3CVSS5.8AI score0.00202EPSS

Exploits0References1

Patchstack•added 2026/01/08 1:46 p.m.•3 views

WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Campaign Monitor for WordPress versions = 2.9.0...

4.3CVSS7AI score0.00202EPSS

Exploits0Affected Software1

NVD•added 2026/01/08 10:15 a.m.•2 views

CVE-2026-0674

4.3CVSS0.00202EPSS

Exploits0References1

Cvelist•added 2026/01/08 9:17 a.m.•26 views

CVE-2026-0674 WordPress Campaign Monitor for WordPress plugin <= 2.9.1 - Broken Access Control vulnerability

4.3CVSS0.00202EPSS

Exploits0References1

Vulnrichment•added 2026/01/08 9:17 a.m.•1 views

CVE-2026-0674 WordPress Campaign Monitor for WordPress plugin <= 2.9.1 - Broken Access Control vulnerability

4.3CVSS5.8AI score0.00202EPSS

Exploits0References1

ATTACKERKB•added 2026/01/08 9:17 a.m.•2 views

CVE-2026-0674

4.3CVSS5.8AI score0.00202EPSS

Exploits0References4

CVE•added 2026/01/08 9:17 a.m.•11 views

CVE-2026-0674

CVE-2026-0674 refers to a Missing Authorization vulnerability in Campaign Monitor for WordPress (plugin: forms-for-campaign-monitor). The Wordfence document confirms the affected component and describes exploitation as arising from an incorrectly configured access control, with CVSS 3.1 base scor...

4.3CVSS5.8AI score0.00202EPSS

Exploits0References1

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-1968

Name of the Vulnerable Software and Affected Versions Campaign Monitor for WordPress versions through 2.9.0 Description A missing authorization issue exists in Campaign Monitor for WordPress forms-for-campaign-monitor, allowing exploitation of incorrectly configured access control security levels...

4.3CVSS6.5AI score0.00202EPSS

Exploits0References5

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin Campaign Monitor for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

4.3CVSS6.4AI score0.00202EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-4387

Malware in sbrugna...

6.8CVSS6.4AI score0.00656EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2012-4413

Malware in sbrugna...

4.3CVSS6.4AI score0.01161EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-42290

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00412EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-40801

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00385EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-57438

Malicious code in bioql PyPI...

8.1CVSS8.5AI score0.0058EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 6:20 a.m.•3 views

CVE-2024-44019

Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension contact-form-7-campaign-monitor-extension.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through = 0.4.67...

9.8CVSS5.9AI score0.00385EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:30 a.m.•7 views

CVE-2023-5098

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...

8.1CVSS6.6AI score0.0058EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 2:21 a.m.•5 views

CVE-2023-38474

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12...

7.1CVSS7.1AI score0.00412EPSS

Exploits0References1

NVD•added 2024/12/03 11:15 a.m.•17 views

CVE-2024-11326

The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00338EPSS

Exploits0References3

Cvelist•added 2024/12/03 11:4 a.m.•21 views

CVE-2024-11326 Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

6.1CVSS0.00338EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by