Skip to main content

Convertkit Email Marketing Email Newsletter And Landing Pages

3 CVEs product

Monthly

CVE-2024-3961 MEDIUM This Month

The ConvertKit - Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Convertkit Email Marketing Email Newsletter And Landing Pages
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31245 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in ConvertKit.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Convertkit Email Marketing Email Newsletter And Landing Pages
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-2337 MEDIUM POC This Month

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Convertkit Email Marketing Email Newsletter And Landing Pages
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 5.3
MEDIUM This Month

The ConvertKit - Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Convertkit Email Marketing Email Newsletter And Landing Pages
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in ConvertKit.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Convertkit Email Marketing Email Newsletter And Landing Pages
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Convertkit Email Marketing Email Newsletter And Landing Pages
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy