Known Vulnerabilities for products from Activecampaign
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Activecampaign".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-32136 json | Not Provided | 2025-04-04 | 2026-04-23 | |
| CVE-2025-23778 json | Not Provided | 2025-01-16 | 2026-04-23 | |
| CVE-2023-0233 json | The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting th... | 5.4 - MEDIUM | 2023-05-15 | 2023-11-07 |
| CVE-2022-3923 json | The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error... | 4.3 - MEDIUM | 2023-01-09 | 2023-11-07 |
| CVE-2021-24133 json | Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow at... | 4.3 - MEDIUM | 2021-03-18 | 2021-03-25 |
| CVE-2008-5056 json | Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows re... | Not Provided | 2008-11-13 | 2026-04-23 |
| CVE-2008-5055 json | SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attacker... | Not Provided | 2008-11-13 | 2026-04-23 |
| CVE-2007-2630 json | Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used ... | Not Provided | 2007-05-11 | 2026-04-23 |
| CVE-2006-5919 json | PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allo... | Not Provided | 2006-11-15 | 2026-04-23 |
| CVE-2006-1488 json | ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) p... | Not Provided | 2006-03-29 | 2025-04-03 |
| CVE-2006-1487 json | Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web... | Not Provided | 2006-03-29 | 2025-04-03 |
| CVE-2006-0970 json | PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows rem... | Not Provided | 2006-03-03 | 2025-04-03 |
| CVE-2005-4634 json | SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL c... | Not Provided | 2005-12-31 | 2025-04-03 |
| CVE-2005-3830 json | index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the pa... | Not Provided | 2005-11-26 | 2025-04-03 |
| CVE-2005-3829 json | index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consum... | Not Provided | 2005-11-26 | 2025-04-03 |
| CVE-2005-3828 json | SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execut... | Not Provided | 2005-11-26 | 2025-04-03 |
| CVE-2005-3679 json | SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute a... | Not Provided | 2005-11-18 | 2025-04-03 |
| CVE-2003-1131 json | PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attacke... | Not Provided | 2003-12-31 | 2025-04-03 |
Known software with vulnerabilities from Activecampaign
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Activecampaign | Activecampaign | 1.0 |