CVE-2024-12158 – MailChimp, GetResponse and ActiveCampaign Intergrations Plugin Unauthenticated Data Deletion

1月 7, 2025
6:16 am

CVE ID : CVE-2024-12158

Published : Jan. 7, 2025, 5:15 a.m. | 1 hour, 1 minute ago

Description : The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘upc_delete_db_data’ AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12158 – MailChimp, GetResponse and ActiveCampaign Intergrations Plugin Unauthenticated Data Deletion

Elvescore.io

Recent Posts

CVE-2024-10866 – WordPress Export Import Menus Capability Check Bypass Vulnerability

CVE-2024-11625 – Progress Software Corporation Sitefinity Information Exposure Through Error Message

CVE-2024-11626 – Progress Sitefinity Sitefinity Cross-site Scripting (XSS) Vulnerability

CVE-2024-11627 – Progress Sitefinity Session Fixation Vulnerability

CVE-2024-12077 – Booking Calendar and Booking Calendar Pro Cross-Site Scripting Vulnerability

CVE-2024-12202 – Croma Music Plugin for WordPress Privilege Escalation

CVE-2024-12158 – MailChimp, GetResponse and ActiveCampaign Intergrations Plugin Unauthenticated Data Deletion

CVE-2024-12158 – MailChimp, GetResponse and ActiveCampaign Intergrations Plugin Unauthenticated Data Deletion