| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11975 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation | fusewp | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | Medium | 4.3 | 2025-10-31 02:26:04 | Deep Dive |
| CVE-2025-11976 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation | fusewp | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | Medium | 4.3 | 2025-10-25 06:49:25 | Deep Dive |
| CVE-2025-32136 | WordPress ActiveCampaign Plugin <= 8.1.16 - Cross Site Scripting (XSS) vulnerability | activecampaign | ActiveCampaign | Medium | 5.9 | 2025-04-04 15:58:31 | Deep Dive |
| CVE-2025-23778 | WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability | Pravin Durugkar | User Sync ActiveCampaign | Medium | 5.4 | 2025-01-16 20:06:58 | Deep Dive |
| CVE-2024-12158 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation | arrowplugins | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations | Medium | 5.3 | 2025-01-07 04:22:17 | Deep Dive |
| CVE-2024-12157 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection | arrowplugins | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations | High | 7.5 | 2025-01-07 04:21:58 | Deep Dive |
| CVE-2024-32430 | WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability | ActiveCampaign | ActiveCampaign | Medium | 4.4 | 2024-04-15 07:14:25 | Deep Dive |
| CVE-2023-0233 | ActiveCampaign < 8.1.12 - Contributor+ Stored XSS | Unknown | ActiveCampaign | 中危 | - | 2023-05-15 12:15:47 | Deep Dive |
| CVE-2022-3923 | ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup | Unknown | ActiveCampaign for WooCommerce | 中危 | - | 2023-01-09 22:13:36 | Deep Dive |
| CVE-2021-24133 | ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings | Unknown | ActiveCampaign | 中危 | - | 2021-03-18 14:57:49 | Deep Dive |