Known Vulnerabilities in this plugin | ww.wp.xz.cn

elizwood-1
(@elizwood-1)

1 year, 2 months ago

I have a WordPress web site with the ActiveCampaign WordPress plugin and I am getting notifications of Cross Site Scripting (XSS) vulnerability. This means hackers can get into my site through this plugin. I have waited several days for ActiveCampaign to update the plugin but they have not. Patchstack flagged version 8.1.16. See their notice: https://patchstack.com/database/wordpress/plugin/activecampaign-subscription-forms/vulnerability/wordpress-activecampaign-plugin-8-1-16-cross-site-scripting-xss-vulnerability
Patchstack believes this plugin has been abandoned. Remove it to be safe.

Viewing 2 replies - 1 through 2 (of 2 total)

Daniel J. Lewis
(@djosephdesign)

1 year, 1 month ago

Also reported here: https://www.cve.org/CVERecord?id=CVE-2025-32136

I’ve tried contacting ActiveCampaign’s support through their live chat and they turned my issue into a ticket so they can connect it with the right team.

Daniel J. Lewis
(@djosephdesign)

1 year, 1 month ago

They just released 8.1.17, which supposedly fixes this!

Maybe it was my email that got them to finally do it?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Known Vulnerabilities in this plugin’ is closed to new replies.

Tags

xss

2 replies
4 participants
Last reply from: Daniel J. Lewis
Last activity: 1 year, 1 month ago
Status: not resolved