cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12158,https://securityvulnerability.io/vulnerability/CVE-2024-12158,Unauthorized Data Deletion in Popup Plugin for WordPress,"The Popup – MailChimp, GetResponse and ActiveCampaign Integrations plugin for WordPress is susceptible to an unauthorized data deletion vulnerability due to a missing capability check on the 'upc_delete_db_data' AJAX action. This issue affects all versions of the plugin up to and including version 3.2.6, allowing unauthenticated attackers to delete database entries associated with the plugin, potentially leading to significant data loss for users relying on this integration.",Wordpress,"Popup – Mailchimp, Getresponse And Activecampaign Intergrations",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-07T04:22:16.501Z,0
CVE-2024-12157,https://securityvulnerability.io/vulnerability/CVE-2024-12157,SQL Injection Vulnerability in Popup Plugin for WordPress by Ultimate Popup Creator,"The Popup – MailChimp, GetResponse, and ActiveCampaign Integrations plugin for WordPress contains a vulnerability that allows SQL Injection through the 'id' parameter in the 'upc_delete_db_record' AJAX action. This occurs due to improper escaping of user-supplied input and inadequate SQL query preparation. As a result, unauthenticated attackers can inject additional SQL statements, potentially allowing unauthorized access to sensitive database information.",Wordpress,"Popup – Mailchimp, Getresponse And Activecampaign Intergrations",7.5,HIGH,0.0008699999889358878,false,,false,false,true,true,false,false,2025-01-07T04:21:58.312Z,0
CVE-2023-0233,https://securityvulnerability.io/vulnerability/CVE-2023-0233,ActiveCampaign < 8.1.12 - Contributor+ Stored XSS,"The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,ActiveCampaign,5.4,MEDIUM,0.000590000010561198,false,,false,false,true,true,false,false,2023-05-15T13:15:00.000Z,0
CVE-2022-3923,https://securityvulnerability.io/vulnerability/CVE-2022-3923,ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup,"The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.",Wordpress,Activecampaign For WooCommerce,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:35.534Z,0
CVE-2021-24133,https://securityvulnerability.io/vulnerability/CVE-2021-24133,ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings,"Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.",Wordpress,Activecampaign,4.3,MEDIUM,0.0012000000569969416,false,,false,false,false,,false,false,2021-03-18T14:57:49.000Z,0