Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Vulnerability List - Page 2

Clear Filters
Found 63 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-2186 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' amans2kFunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce High 7.5 2025-03-22 12:42:12 Deep Dive
CVE-2025-22631 WordPress Marketing Automation Plugin <= 1.2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability vboutMarketing Automation High 7.1 2025-02-23 22:55:06 Deep Dive
CVE-2024-10591 MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update makewebbetterMWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics High 8.8 2025-01-30 13:42:09 Deep Dive
CVE-2025-0394 Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function trainingbusinessprosGroundhogg — CRM, Newsletters, and Marketing Automation High 8.8 2025-01-14 08:23:14 Deep Dive
CVE-2024-9186 Automation By Autonami < 3.3.0 - Unauthenticated SQLi UnknownRecover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit--2024-11-14 06:00:11 Deep Dive
CVE-2024-50506 WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability azexoMarketing Automation by AZEXO High 8.8 2024-10-30 08:08:50 Deep Dive
CVE-2024-50480 WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability azexoMarketing Automation by AZEXO Critical 9.9 2024-10-29 07:58:44 Deep Dive
CVE-2024-8254 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 5.4 2024-10-02 06:46:02 Deep Dive
CVE-2024-8771 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 4.3 2024-09-26 15:30:34 Deep Dive
CVE-2024-39657 WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability SenderSender – Newsletter, SMS and Email Marketing Automation for WooCommerce Medium 4.3 2024-08-26 20:54:09 Deep Dive
CVE-2024-7384 AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function acybaAcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress High 7.5 2024-08-22 02:02:02 Deep Dive
CVE-2023-4730 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint binhnguyenplusLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… Medium 5.3 2024-08-17 07:34:23 Deep Dive
CVE-2024-43126 WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability SenderSender – Newsletter, SMS and Email Marketing Automation for WooCommerce High 7.1 2024-08-12 22:34:23 Deep Dive
CVE-2024-5703 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 4.3 2024-07-17 07:32:19 Deep Dive
CVE-2024-37225 WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability Zoho Marketing AutomationZoho Marketing Automation High 8.5 2024-07-09 09:06:13 Deep Dive
CVE-2024-6172 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Critical 9.8 2024-07-02 06:49:43 Deep Dive
CVE-2024-5756 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Critical 9.8 2024-06-21 04:34:11 Deep Dive
CVE-2024-4845 Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress High 8.8 2024-06-12 09:33:12 Deep Dive
CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Critical 9.8 2024-06-05 05:33:06 Deep Dive
CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization icegramEmail Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Medium 4.3 2024-05-23 05:32:15 Deep Dive