cleantalk
Vulnerabilities and Security Researches

FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.), CVE-2025-11975

CVE, Research URL

CVE-2025-11975

Home page URL

Security reports for FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)

Application

FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)

Published on
Oct 31, 2025
Research Description
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() function in all versions up to, and including, 1.1.23.0. This makes it possible for unauthenticated attackers to add and edit sync rules.
Affected versions
max 1.1.23.1.
Status
vulnerable
Previous vulnerability researches
FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) (CVE-2025-11976) , Nov 10, 2025
FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) (CVE-2025-11975) , Nov 10, 2025
New vulnerability
Top Bar Notification (CVE-2025-12412) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7526) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7634) , Nov 10, 2025
Podlove Web Player (CVE-2025-62908) , Nov 10, 2025
Simple Content Templates for Blog Posts & Pages (CVE-2025-62958) , Nov 10, 2025