VYPR

Campaign Monitor for WordPress

by WordPress

CVEs (2)

  • CVE-2023-38474HigNov 30, 2023
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.

  • CVE-2024-6569MedJul 27, 2024
    risk 0.35cvss 5.3epss 0.01

    The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes…