| CVE-2024-9982 | ESi Technology AIM LINE Marketing Platform - SQL Injection | ESi Technology | AIM LINE Marketing Platform | Critical | 9.8 | 2024-10-15 08:04:36 | Deep Dive |
| CVE-2024-8477 | Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) <= 3.1.87 - Cross-Site Request Forgery | neeraj_slit | Brevo – Email, SMS, Web Push, Chat, and more. | Medium | 4.3 | 2024-10-10 02:06:12 | Deep Dive |
| CVE-2024-9066 | Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | dale668 | Marketing and SEO Booster | Medium | 6.4 | 2024-10-10 02:06:07 | Deep Dive |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.4 | 2024-10-02 06:46:02 | Deep Dive |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-09-26 15:30:34 | Deep Dive |
| CVE-2024-6928 | Opti Marketing <= 2.0.9 - Unauthenticated SQLi | Unknown | Opti Marketing | - | - | 2024-09-08 06:00:04 | Deep Dive |
| CVE-2024-5879 | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 6.4 | 2024-08-30 04:29:57 | Deep Dive |
| CVE-2024-2541 | Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2024-08-29 12:31:09 | Deep Dive |
| CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability | Sender | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Medium | 4.3 | 2024-08-26 20:54:09 | Deep Dive |
| CVE-2024-43287 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability | Brevo | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Medium | 4.3 | 2024-08-26 20:46:07 | Deep Dive |
| CVE-2024-7384 | AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function | acyba | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | High | 7.5 | 2024-08-22 02:02:02 | Deep Dive |
| CVE-2023-4730 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint | binhnguyenplus | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | Medium | 5.3 | 2024-08-17 07:34:23 | Deep Dive |
| CVE-2024-43126 | WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability | Sender | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | High | 7.1 | 2024-08-12 22:34:23 | Deep Dive |
| CVE-2024-7127 | XSS in Stackposts - Social Marketing Tool | Stackposts | Social Marketing Tool | - | - | 2024-07-30 11:21:38 | Deep Dive |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-07-17 07:32:19 | Deep Dive |
| CVE-2024-21169 | Oracle E-Business Suite Security Vulnerability | Oracle Corporation | Marketing | Medium | 6.5 | 2024-07-16 22:40:07 | Deep Dive |
| CVE-2024-37225 | WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability | Zoho Marketing Automation | Zoho Marketing Automation | High | 8.5 | 2024-07-09 09:06:13 | Deep Dive |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-07-02 06:49:43 | Deep Dive |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-21 04:34:11 | Deep Dive |
| CVE-2024-3961 | ConvertKit <= 2.4.9 - Missing Authorization | convertkit | Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages | Medium | 5.3 | 2024-06-21 03:49:00 | Deep Dive |