This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Campaign Monitor | Campaign Monitor for WordPress | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
|
Campaign Monitor
Subscribe
|
For Wordpress
Subscribe
|
|
Wordpress
Subscribe
|
Wordpress
Subscribe
|
Project Subscriptions
No advisories yet.
Solution
Update the WordPress Campaign Monitor for WordPress plugin to the latest available version (at least 2.9.2).
Workaround
No workaround given by the vendor.
Mon, 11 May 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.1. | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1. |
| References |
Thu, 23 Apr 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0. | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.1. |
| Title | WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability | WordPress Campaign Monitor for WordPress plugin <= 2.9.1 - Broken Access Control vulnerability |
Tue, 20 Jan 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 20 Jan 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 12 Jan 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Fri, 09 Jan 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Campaign Monitor
Campaign Monitor for Wordpress Wordpress Wordpress wordpress |
|
| Vendors & Products |
Campaign Monitor
Campaign Monitor for Wordpress Wordpress Wordpress wordpress |
Thu, 08 Jan 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0. | |
| Title | WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability | |
| Weaknesses | CWE-862 | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-05-11T12:55:14.980Z
Reserved: 2026-01-07T17:39:20.896Z
Link: CVE-2026-0674
Vulnrichment
Updated: 2026-01-12T18:32:21.924Z
NVD
Status : Deferred
Published: 2026-01-08T10:15:54.910
Modified: 2026-05-11T14:16:30.200
Link: CVE-2026-0674
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-11T17:30:15Z