cleantalk
Vulnerabilities and Security Research

Vulnerabilities and security research for creative-mail-by-constant-contact

Jun 07, 2024

Creative Mail – Easier WordPress & WooCommerce Email Marketing # CVE-2022-40687

CVE, Research URL

CVE-2022-40687

Date
Nov 19, 2022
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
Affected versions
max 1.6.0.
Status
vulnerable

Creative Mail – Easier WordPress & WooCommerce Email Marketing # CVE-2022-40686

CVE, Research URL

CVE-2022-40686

Date
Nov 19, 2022
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
Affected versions
max 1.6.0.
Status
vulnerable

Creative Mail – Easier WordPress & WooCommerce Email Marketing # CVE-2022-44740

CVE, Research URL

CVE-2022-44740

Date
Nov 19, 2022
Research Description
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.
Affected versions
max 1.6.0.
Status
vulnerable
May 22, 2026

Creative Mail – Easier WordPress & WooCommerce Email Marketing # CVE-2026-3985

CVE, Research URL

CVE-2026-3985

Date
May 20, 2026
Research Description
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query in the `has_checkout_consent()` method. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
Affected versions
max 1.6.9.
Status
vulnerable