CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF

FluentCRM WordPress plugin = 2.9.87 contains a blind server-side request forgery caused by improper validation of the 'SubscribeURL' parameter, letting unauthenticated attackers make arbitrary web requests, exploit requires unconfigured SES bounce handling key. id: CVE-2026-7798 info: name:...

5.4CVSS5.9AI score0.00878EPSS

Exploits0References3

NVD•added 2026/05/22 9:16 a.m.•12 views

CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS0.00878EPSS

Exploits0References8

ATTACKERKB•added 2026/05/22 7:50 a.m.•6 views

CVE-2026-7798

5.4CVSS5.8AI score0.00878EPSS

Exploits0References9

Vulnrichment•added 2026/05/22 7:50 a.m.•4 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

5.4CVSS5.8AI score0.00878EPSS

Exploits0References8

EUVD•added 2026/05/22 7:50 a.m.•7 views

EUVD-2026-31418

5.4CVSS5.8AI score0.00878EPSS

Exploits0References8

CVE•added 2026/05/22 7:50 a.m.•12 views

CVE-2026-7798

The CVE-2026-7798 entry concerns the FluentCRM WordPress plugin (versions up to and including 2.9.87). A Blind Server-Side Request Forgery exists via the SubscribeURL parameter, enabling unauthenticated actors to make web requests from the application to internal/internal-facing targets and poten...

5.4CVSS5.8AI score0.00878EPSS

Exploits0References8

Cvelist•added 2026/05/22 7:50 a.m.•24 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

5.4CVSS0.00878EPSS

Exploits0References8

Positive Technologies•added 2026/05/22 12:0 a.m.•6 views

PT-2026-42735

5.4CVSS5.8AI score0.00878EPSS

Exploits0References9

CNNVD•added 2026/05/22 12:0 a.m.•5 views

WordPress plugin FluentCRM 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS6AI score0.00878EPSS

Exploits0References8

Patchstack•added 2026/05/21 7:20 p.m.•3 views

WordPress FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Saleh Elsayed 0xManticore in WordPress Plugin Fluent CRM versions = 2.9.87...

5.4CVSS5.8AI score0.00878EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/22 12:33 p.m.•3 views

CVE-2025-12935

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrmcontent' shortcode in all versions up to, and including, 2.9.84 due to insufficient input...

6.4CVSS5AI score0.00037EPSS

Exploits0References1

NVD•added 2025/11/21 1:15 p.m.•1 views

CVE-2025-12935

6.4CVSS0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/11/21 12:28 p.m.•1 views

CVE-2025-12935 FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Cvelist•added 2025/11/21 12:28 p.m.•5 views

CVE-2025-12935 FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode

6.4CVSS0.00037EPSS

Exploits0References4

EUVD•added 2025/11/21 12:28 p.m.•1 views

EUVD-2025-198488

6.4CVSS4.6AI score0.00037EPSS

Exploits0References5

Patchstack•added 2025/11/21 8:23 a.m.•4 views

WordPress FluentCRM plugin <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentcrmcontent' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fluent CRM versions = 2.9.84...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/11/21 12:0 a.m.•3 views

PT-2025-47729

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrm content' shortcode in all versions up to, and including, 2.9.84 due to insufficient input...

6.4CVSS5AI score0.00037EPSS

Exploits0References5

CNNVD•added 2025/11/21 12:0 a.m.•1 views

WordPress plugin FluentCRM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2023-23681

Malicious code in bioql PyPI...

5.3CVSS5AI score0.01598EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 2:13 a.m.•10 views

CVE-2023-1430

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...

6.5CVSS5.9AI score0.01598EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by