Vulnerabilities and security researches forcampaign-url-builder campaign-url-builder

Jun 06, 2024

CVE, Research URL: e3df465a86d34d46740188981f9866e755a33296
Home page URL: Security reports for Campaign URL Builder
Application: Campaign URL Builder
Date: Feb 15, 2023
Research Description: Campaign URL Builder [campaign-url-builder] < 1.8.2 Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link The Campaign URL Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form fields within the Create Link tab of the settings page in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 1.8.2.
Status: vulnerable

CVE, Research URL: CVE-2023-0538
Home page URL: Security reports for Campaign URL Builder
Application: Campaign URL Builder
Date: Mar 13, 2023
Research Description: The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: max 1.8.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: cf306593fd6b456d6c0e130e3df300859dd3c130
Home page URL: Security reports for Campaign URL Builder
Application: Campaign URL Builder
Date: Feb 16, 2023
Research Description: Campaign URL Builder [campaign-url-builder] < 1.8.2 WordPress Campaign URL Builder Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Campaign URL Builder plugin to the latest available version (at least 1.8.2). WordFence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Campaign URL Builder Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.8.2.
Affected versions: max 1.8.2.
Status: vulnerable