cleantalk
Vulnerabilities and Security Researches

Campaign Monitor for WordPress, CVE-2023-38474

CVE, Research URL

CVE-2023-38474

Home page URL

Security reports for Campaign Monitor for WordPress

Application

Campaign Monitor for WordPress

Published on
Nov 30, 2023
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.
Affected versions
max 2.8.14.
Status
vulnerable
Previous vulnerability researches
Campaign Monitor for WordPress (CVE-2023-38474) , Jun 07, 2024
Campaign Monitor for WordPress (CVE-2026-0674) , Apr 15, 2026
Campaign Monitor for WordPress (CVE-2024-6569) , Jul 28, 2024
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026