cleantalk
Vulnerabilities and Security Researches

FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.), CVE-2025-11975

CVE, Research URL

CVE-2025-11975

Home page URL

Security reports for FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)

Application

FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)

Published on
Oct 31, 2025
Research Description
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() function in all versions up to, and including, 1.1.23.0. This makes it possible for unauthenticated attackers to add and edit sync rules.
Affected versions
max 1.1.23.1.
Status
vulnerable
Previous vulnerability researches
Post Grid for Elementor & Product Grid | PowerGrids (513b8cac04964f7c742c50353b32f41d519b21a5) , Jun 07, 2024
New vulnerability
wpNamedUsers (CVE-2025-48083) , Nov 10, 2025
Colibri Page Builder (CVE-2025-9560) , Nov 10, 2025
WP Snow Effect (CVE-2025-64294) , Nov 10, 2025
Silencesoft RSS Reader (CVE-2025-60181) , Nov 10, 2025
Disable Content Editor For Specific Template (CVE-2025-12072) , Nov 10, 2025