| CVE-2025-1267 | Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.5 | 2025-04-01 06:52:05 | Deep Dive |
| CVE-2025-2186 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 7.5 | 2025-03-22 12:42:12 | Deep Dive |
| CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability | Recapture Cart Recovery and Email Marketing | Recapture for WooCommerce | Medium | 6.5 | 2025-03-15 21:57:02 | Deep Dive |
| CVE-2025-22631 | WordPress Marketing Automation Plugin <= 1.2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | vbout | Marketing Automation | High | 7.1 | 2025-02-23 22:55:06 | Deep Dive |
| CVE-2025-22630 | WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability | Marketing Fire | Widget Options | Critical | 9.9 | 2025-02-14 07:10:22 | Deep Dive |
| CVE-2025-22662 | WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | SendPulse | SendPulse Email Marketing Newsletter | Medium | 6.5 | 2025-02-04 14:21:58 | Deep Dive |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | makewebbetter | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | High | 8.8 | 2025-01-30 13:42:09 | Deep Dive |
| CVE-2025-22722 | WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dismissal vulnerability | Marketing Fire | Widget Options | Medium | 4.3 | 2025-01-21 17:21:52 | Deep Dive |
| CVE-2025-23930 | WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability | paypalmuse | PayPal Marketing Solutions | Medium | 4.3 | 2025-01-16 20:07:58 | Deep Dive |
| CVE-2025-0394 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | High | 8.8 | 2025-01-14 08:23:14 | Deep Dive |
| CVE-2024-56219 | WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability | Marketing Fire | Widget Options | Medium | 4.3 | 2024-12-31 10:22:42 | Deep Dive |
| CVE-2023-49156 | WordPress GoDaddy Email Marketing plugin <= 1.4.3 - Broken Access Control vulnerability | GoDaddy | GoDaddy Email Marketing | Medium | - | 2024-12-09 11:30:22 | Deep Dive |
| CVE-2024-53784 | WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.4 - Broken Access Control vulnerability | E-goi | Smart Marketing SMS and Newsletters Forms | Medium | 4.3 | 2024-12-02 13:48:27 | Deep Dive |
| CVE-2024-10580 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | Medium | 5.3 | 2024-11-27 06:41:28 | Deep Dive |
| CVE-2024-10579 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | Medium | 4.3 | 2024-11-26 11:04:32 | Deep Dive |
| CVE-2024-9186 | Automation By Autonami < 3.3.0 - Unauthenticated SQLi | Unknown | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | - | - | 2024-11-14 06:00:11 | Deep Dive |
| CVE-2024-50506 | WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability | azexo | Marketing Automation by AZEXO | High | 8.8 | 2024-10-30 08:08:50 | Deep Dive |
| CVE-2024-50480 | WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability | azexo | Marketing Automation by AZEXO | Critical | 9.9 | 2024-10-29 07:58:44 | Deep Dive |
| CVE-2024-9061 | WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add | themehunk | WP Popup Builder – Popup Forms and Marketing Lead Generation | High | 7.3 | 2024-10-16 07:31:49 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |