
Mautic — Vulnerabilities & Security Advisories (36)

All 36 CVE vulnerabilities found in Mautic, with AI-generated Chinese analysis, references, and POCs.

This page collects the security vulnerabilities published for Mautic, an open-source marketing automation platform, grouped by weakness type (cross-site scripting, missing authorization, server-side request forgery, SQL injection and others). It aggregates advisory data and public exploit information from the earliest listed entries to the most recent patches, so the product's vulnerability history can be reviewed in one place. Use it to track vendor advisories as they are issued, to see which weakness classes recur in this product, and to look up Mautic's past exposures when assessing long-term risk and remediation. Consolidating these sources into a single view gives security researchers, system administrators and compliance officers one place to evaluate the impact of known flaws on their deployments, to correlate each weakness with its fix, and to support both incident response and proactive hardening.

Vendor: Mautic

CVSS scores and severities tagged AI come from the site's AI analysis rather than from an advisory; treat them as estimates. The listing header counts 36 CVEs; 30 are shown below.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-3105 | SQL Injection in Contact Activity API Sorting | CWE-89 | 7.6 | High | 2026-02-24
CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | CWE-862 | 7.8 (AI) | High (AI) | 2025-12-02
CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-12-02
CVE-2025-9823 | Reflected XSS in lead:addLeadTags - Quick Add | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-03
CVE-2025-9824 | User Enumeration via Response Timing | CWE-204 | 5.9 | Medium | 2025-09-03
CVE-2025-9822 | Secret data extraction via elfinder | CWE-283 | 5.5 | Medium | 2025-09-03
CVE-2025-9821 | SSRF via webhook function | CWE-918 | 2.7 | Low | 2025-09-03
CVE-2025-5256 | Open Redirect vulnerability on user unlock path | CWE-601 | 5.4 | Medium | 2025-05-28
CVE-2024-47055 | Segment cloning doesn't have a proper permission check | CWE-862 | 4.3 | Medium | 2025-05-28
CVE-2024-47057 | User name enumeration possible due to response time difference on password reset form | CWE-203 | 5.3 | Medium | 2025-05-28
CVE-2024-47056 | Mautic does not shield .env files from web traffic | CWE-312 | 5.1 | Medium | 2025-05-28
CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | CWE-1284 | 6.5 | Medium | 2025-05-28
CVE-2022-25770 | Insufficient authentication in upgrade flow | CWE-306 | 7.8 | High | 2024-09-18
CVE-2024-47059 | User enumeration - weak password login | CWE-200 | 4.3 | Medium | 2024-09-18
CVE-2021-27917 | XSS in contact tracking and page hits report | CWE-79 | 7.3 | High | 2024-09-18
CVE-2024-47050 | XSS in contact/company tracking (no authentication) | CWE-79 | 5.4 | Medium | 2024-09-18
CVE-2024-47058 | Stored Cross-site Scripting (XSS) - edit form HTML field | CWE-79 | 2.9 | Low | 2024-09-18
CVE-2022-25768 | Improper Access Control in UI upgrade process | CWE-287 | 7.0 | High | 2024-09-18
CVE-2022-25777 | Server-Side Request Forgery in Asset section | CWE-918 | 6.5 | Medium | 2024-09-18
CVE-2022-25776 | Sensitive Data Exposure due to inadequate user permission settings | CWE-276 | 8.3 | High | 2024-09-18
CVE-2022-25775 | SQL Injection in dynamic Reports | CWE-89 | 6.6 | Medium | 2024-09-18
CVE-2022-25774 | XSS in Notifications via saving Dashboards | CWE-79 | 4.8 | Medium | 2024-09-18
CVE-2022-25769 | Improper regex in htaccess file | CWE-1284 | 7.2 | High | 2024-09-18
CVE-2021-27916 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | CWE-22 | 8.1 | High | 2024-09-17
CVE-2021-27915 | Stored Cross-site Scripting (XSS) - Description field | CWE-80 | 7.6 | High | 2024-09-17
CVE-2024-3448 | Improper Access Control Leads to Server-Side Request Forgery in Mautic | CWE-918 | 5.0 | Medium | 2024-04-10
CVE-2024-2731 | Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic | CWE-284 | 5.4 | Medium | 2024-04-10
CVE-2024-2730 | Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic | CWE-425 | 5.3 | Medium | 2024-04-10
CVE-2022-25772 | Mautic cross-site scripting vulnerability | CWE-79 | 9.6 | Critical | 2022-06-20
CVE-2021-27914 | Mautic cross-site scripting vulnerability | CWE-79 | 7.6 | High | 2022-06-01
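The listing above is only useful for tracking once it is in a structured form. The following Python is an added example, not code from this site or from the Mautic project: it parses the 30 rows in the run-together form the raw listing uses (title, CWE, CVSS, an optional AI marker, severity and date with no consistent separators), aggregates them by weakness class and severity, ranks them by score with the AI-estimated scores optionally excluded, and sanity-checks each severity label against the standard CVSS v3 bands. The rows are embedded inline as constructed input (copied from the page, with the two Chinese titles translated); the regex and helper names are this example's own.

```python
import re
from collections import Counter

# Constructed input: the 30 rows of this page's listing, copied in the raw
# run-together form the extracted page uses (Chinese titles translated).
RAW_ROWS = """
CVE-2026-3105 SQL Injection in Contact Activity API Sorting CWE-89 7.6 High2026-02-24
CVE-2025-13828 Mautic user without privileged access to the Marketplace can install and uninstall composer packages CWE-862 7.8AIHighAI2025-12-02
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads CWE-434 9.8AICriticalAI2025-12-02
CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add CWE-79 6.1AIMediumAI2025-09-03
CVE-2025-9824 User Enumeration via Response Timing CWE-204 5.9 Medium2025-09-03
CVE-2025-9822 Secret data extraction via elfinder CWE-283 5.5 Medium2025-09-03
CVE-2025-9821 SSRF via webhook function CWE-918 2.7 Low2025-09-03
CVE-2025-5256 Open Redirect vulnerability on user unlock path CWE-601 5.4 Medium2025-05-28
CVE-2024-47055 Segment cloning doesn't have a proper permission check CWE-862 4.3 Medium2025-05-28
CVE-2024-47057 User name enumeration possible due to response time difference on password reset form CWE-203 5.3 Medium2025-05-28
CVE-2024-47056 Mautic does not shield .env files from web traffic CWE-312 5.1 Medium2025-05-28
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure CWE-1284 6.5 Medium2025-05-28
CVE-2022-25770 Insufficient authentication in upgrade flow CWE-306 7.8 High2024-09-18
CVE-2024-47059 Users enumeration - weak password login CWE-200 4.3 Medium2024-09-18
CVE-2021-27917 XSS in contact tracking and page hits report CWE-79 7.3 High2024-09-18
CVE-2024-47050 XSS in contact/company tracking (no authentication) CWE-79 5.4 Medium2024-09-18
CVE-2024-47058 Cross-site Scripting (XSS) - stored (edit form HTML field) CWE-79 2.9 Low2024-09-18
CVE-2022-25768 Improper Access Control in UI upgrade process CWE-287 7.0 High2024-09-18
CVE-2022-25777 Server-Side Request Forgery in Asset section CWE-918 6.5 Medium2024-09-18
CVE-2022-25776 Sensitive Data Exposure due to inadequate user permission settings CWE-276 8.3 High2024-09-18
CVE-2022-25775 SQL Injection in dynamic Reports CWE-89 6.6 Medium2024-09-18
CVE-2022-25774 XSS in Notifications via saving Dashboards CWE-79 4.8 Medium2024-09-18
CVE-2022-25769 Improper regex in htaccess file CWE-1284 7.2 High2024-09-18
CVE-2021-27916 Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) CWE-22 8.1 High2024-09-17
CVE-2021-27915 XSS Cross-site Scripting Stored (XSS) - Description field CWE-80 7.6 High2024-09-17
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic CWE-918 5.0 Medium2024-04-10
CVE-2024-2731 Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic CWE-284 5.4 Medium2024-04-10
CVE-2024-2730 Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic CWE-425 5.3 Medium2024-04-10
CVE-2022-25772 Mautic cross-site scripting vulnerability CWE-79 9.6 Critical2022-06-20
CVE-2021-27914 Mautic cross-site scripting vulnerability CWE-79 7.6 High2022-06-01
"""

# One row: CVE id, free-text title, CWE id, CVSS score, optional "AI" marker,
# severity word, optional second "AI" marker, ISO date. Whitespace between the
# trailing fields is optional because the raw listing runs them together.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<cwe>CWE-\d+)\s+"
    r"(?P<cvss>\d{1,2}\.\d)\s*(?P<ai_score>AI)?\s*"
    r"(?P<severity>Critical|High|Medium|Low)\s*(?P<ai_sev>AI)?\s*"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)

def parse_rows(text):
    """Turn the raw listing into a list of dicts; fail loudly on a bad row."""
    records = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        records.append({
            "cve": m["cve"], "title": m["title"], "cwe": m["cwe"],
            "cvss": float(m["cvss"]), "severity": m["severity"],
            "published": m["published"],
            # Either AI marker means the score is a site estimate, not advisory data.
            "ai_scored": bool(m["ai_score"] or m["ai_sev"]),
        })
    return records

def count_by(records, key):
    """Frequency of a field, e.g. how often each CWE class recurs."""
    return Counter(r[key] for r in records)

def ranked(records, include_ai=True):
    """Rows by descending CVSS; drop AI-estimated scores if asked."""
    kept = [r for r in records if include_ai or not r["ai_scored"]]
    return sorted(kept, key=lambda r: r["cvss"], reverse=True)

# CVSS v3.x qualitative rating bands (lower bound inclusive).
CVSS_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"))

def band_for(score):
    for floor, name in CVSS_BANDS:
        if score >= floor:
            return name
    return "None"

def band_mismatches(records):
    """CVE ids whose severity label disagrees with the CVSS v3 band of their score."""
    return [r["cve"] for r in records if band_for(r["cvss"]) != r["severity"]]

if __name__ == "__main__":
    recs = parse_rows(RAW_ROWS)
    print(len(recs), "rows;", sum(r["ai_scored"] for r in recs), "AI-scored")
    print("by CWE:", count_by(recs, "cwe").most_common(5))
    print("by severity:", dict(count_by(recs, "severity")))
    print("top non-AI:", [(r["cve"], r["cvss"]) for r in ranked(recs, include_ai=False)[:3]])
    print("band mismatches:", band_mismatches(recs))
```

Excluding the AI-tagged rows changes the top of the ranking (the 9.8 file-upload entry is AI-scored; the highest advisory-backed score is the 9.6 XSS), which is why a tracker ingesting mixed-provenance data should carry the provenance flag through rather than flattening it away.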
