Activecampaign

activecampaign

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-32430 1Activecampaign 1Activecampaign Apr 28, 2026 Apr 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
CVE-2023-0233 1Activecampaign 1Activecampaign Jan 14, 2025 May 15, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor r...Show more The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2021-24133 1Activecampaign 1Activecampaign Nov 21, 2024 Mar 18, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.