Known Vulnerabilities for products from Activecampaign
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Activecampaign".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-32136 | Not Provided | 2025-04-04 | 2026-04-01 | |
| CVE-2025-23778 | Not Provided | 2025-01-16 | 2026-04-01 | |
| CVE-2023-0233 | The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting th... | 5.4 - MEDIUM | 2023-05-15 | 2023-11-07 |
| CVE-2022-3923 | The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error... | 4.3 - MEDIUM | 2023-01-09 | 2023-11-07 |
| CVE-2021-24133 | Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow at... | 4.3 - MEDIUM | 2021-03-18 | 2021-03-25 |
| CVE-2008-5056 | Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows re... | 4.3 - MEDIUM | 2008-11-13 | 2017-08-08 |
| CVE-2008-5055 | SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attacker... | 7.5 - HIGH | 2008-11-13 | 2017-08-08 |
| CVE-2007-2630 | Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used ... | 6.5 - MEDIUM | 2007-05-11 | 2018-10-16 |
| CVE-2006-5919 | PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allo... | 7.5 - HIGH | 2006-11-15 | 2018-10-17 |
| CVE-2006-1488 | ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) p... | 5 - MEDIUM | 2006-03-29 | 2017-07-20 |
| CVE-2006-1487 | Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web... | 4.3 - MEDIUM | 2006-03-29 | 2017-07-20 |
| CVE-2006-0970 | PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows rem... | 7.5 - HIGH | 2006-03-03 | 2018-10-18 |
| CVE-2005-4634 | SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL c... | 7.5 - HIGH | 2005-12-31 | 2008-09-20 |
| CVE-2005-3830 | index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the pa... | 5 - MEDIUM | 2005-11-26 | 2011-03-08 |
| CVE-2005-3829 | index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consum... | 7.8 - HIGH | 2005-11-26 | 2011-03-08 |
| CVE-2005-3828 | SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execut... | 7.5 - HIGH | 2005-11-26 | 2011-03-08 |
| CVE-2005-3679 | SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute a... | 7.5 - HIGH | 2005-11-18 | 2016-10-18 |
| CVE-2003-1131 | PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attacke... | 7.5 - HIGH | 2003-12-31 | 2017-07-11 |
Known software with vulnerabilities from Activecampaign
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Activecampaign | Activecampaign | 1.0 |