Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

CNVD
CNVDadded 2025/11/05 12:0 a.m.2 views

WordPress FuseWP plugin unauthorized data modification vulnerability

WordPress FuseWP plugin is a WordPress plugin for creating and managing multilingual websites. WordPress FuseWP plugin suffers from an unauthorized modification of data vulnerability that stems from a lack of capability check in the savechanges function, which can be exploited by an attacker to a...

4.3CVSS6.7AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/10/31 12:0 a.m.2 views

PT-2025-44578

Name of the Vulnerable Software and Affected Versions FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin versions through 1.1.23.0 Description The FuseWP plugin for WordPress has a flaw that allows unauthorized modification of...

4.3CVSS6.5AI score0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2025/10/25 6:49 a.m.2 views

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

4.3CVSS4.8AI score0.00013EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/25 6:49 a.m.7 views

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

4.3CVSS0.00013EPSS
Exploits0References2
CVE
CVEadded 2025/10/25 6:49 a.m.17 views

CVE-2025-11976

CVE-2025-11976 concerns FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) for WordPress. According to connected sources, the vulnerability is a Cross-Site Forgery (CSRF) due to missing or incorrect nonce validation in the save_cha...

4.3CVSS4.9AI score0.00013EPSS
Exploits0References2
Rows per page
Query Builder