Vulnerabilities and security researches foractivecampaign-subscription-forms activecampaign-subscription-forms
Direction: ascendingJun 07, 2024
ActiveCampaign – Forms, Site Tracking, Live Chat # CVE-2024-32430
- CVE, Research URL
- Date
- Apr 15, 2024
- Research Description
- Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
ActiveCampaign – Forms, Site Tracking, Live Chat # CVE-2021-24133
- CVE, Research URL
- Date
- Mar 18, 2021
- Research Description
- Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
ActiveCampaign – Forms, Site Tracking, Live Chat # CVE-2023-0233
- CVE, Research URL
- Date
- May 15, 2023
- Research Description
- The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 06, 2025
ActiveCampaign – Forms, Site Tracking, Live Chat # CVE-2025-32136
- CVE, Research URL
- Date
- Apr 04, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable