Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

clickwhale — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting clickwhale. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ClickWhale is a marketing automation platform designed for email campaign management and customer engagement. Historically, the application has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure deserialization. Privilege escalation vulnerabilities have also been documented, allowing unauthorized access to sensitive campaign data. The platform's six CVEs highlight consistent security weaknesses in its web interface and API endpoints, with several instances enabling complete compromise of affected systems. These vulnerabilities typically arise from insufficient sanitization of user inputs and inadequate access controls, posing significant risks to organizations relying on the platform for customer communications.

Top products by clickwhale: ClickWhale ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
CVE IDTitleCVSSSeverityPublished
CVE-2025-10002 ClickWhale <= 2.5.0 - Authenticated (Admin+) SQL injection — ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link PagesCWE-89 4.9 Medium2025-09-20
CVE-2025-47612 WordPress ClickWhale plugin <= 2.4.6 - Broken Access Control Vulnerability — ClickWhaleCWE-862 5.4 Medium2025-05-07
CVE-2025-26963 WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — ClickWhaleCWE-352 5.4 Medium2025-02-25
CVE-2025-0804 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link PagesCWE-79 6.4 Medium2025-01-29
CVE-2024-11327 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting — ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link PagesCWE-79 6.1 Medium2025-01-11
CVE-2024-51715 WordPress ClickWhale plugin <= 2.4.1 - SQL Injection vulnerability — ClickWhaleCWE-89 8.5 High2025-01-07

This page lists every published CVE security advisory associated with clickwhale. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.