Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics
Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance...
CVE-2023-25456
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin = 3.0.7 versions...
EUVD-2023-12865
Malicious code in bioql PyPI...
EUVD-2023-29411
Malicious code in bioql PyPI...
CVE-2023-0874
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Malicious code in careers.klaviyo.com (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-3382 Malicious code in careers.klaviyo.com (npm)
--- -= Per source details. Do not edit below this line.=-...
Unauthorized Data Access
Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento API...
Read private customer data reclaiming carts in Klaviyo Magento
A researcher identified an endpoint in a third-party module, Klaviyo Magento 2, that allows reading private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API...
PT-2024-40329 · Klaviyo · Klaviyo Magento 2
Name of the Vulnerable Software and Affected Versions: Klaviyo Magento 2 (affected versions not specified). Description: A researcher discovered an issue in a third-party module that allows reading private customer data from stores. This is achieved by reclaiming any guest-cart as one's own and then...
CVE-2024-25928 WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5...
Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection
Description: The Sitepact's Contact Form 7 Extension For Klaviyo plugin for WordPress is vulnerable to SQL Injection parameter in versions up to, and including, 1.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection
Software: Sitepact's Contact Form 7 Extension For Klaviyo; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 3.0.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-25928; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: b1255b55a5c6; Credits: Dimas Maula...
WordPress Forms to Klaviyo Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Forms to Klaviyo; Type: Plugin; Vulnerable versions: <= 5.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 48b75fce56c6; Credits: Rafie Muhammad Patchstack Require...
WordPress Klaviyo Plugin <= 3.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: Klaviyo; Type: Plugin; Vulnerable versions: <= 3.0.10; Fixed in: 3.0.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0874; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9cbb77409b1f; Credits: Rafshanzani Suhada Required...
Cross site scripting
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-0874 Klaviyo <= 3.0.10 - Admin+ Stored XSS
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...