Browse all 4 CVE security advisories affecting JumpDEMAND Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
JumpDEMAND Inc. develops demand generation platforms for B2B marketing automation. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure authentication mechanisms. The company has recorded four CVEs to date, with notable issues including authenticated RCE flaws in their API endpoints and stored XSS vulnerabilities in customer-facing dashboards. While no major public security incidents have been documented, their vulnerability history suggests consistent challenges in secure coding practices, particularly in web application security and access control implementations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-35638 | WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability — ActiveDEMANDCWE-352 | 4.3 | Medium | 2024-06-03 |
| CVE-2024-32809 | WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability — ActiveDEMANDCWE-434 | 10.0 | Critical | 2024-05-17 |
| CVE-2022-44628 | WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability — 4ECPS Web Forms (WordPress plugin)CWE-79 | 5.9 | Medium | 2022-11-03 |
| CVE-2022-36296 | WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability — ActiveDEMANDCWE-287 | 6.5 | Medium | 2022-08-05 |
This page lists every published CVE security advisory associated with JumpDEMAND Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.