Browse all 6 CVE security advisories affecting clickwhale. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ClickWhale is a marketing automation platform designed for email campaign management and customer engagement. Historically, the application has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure deserialization. Privilege escalation vulnerabilities have also been documented, allowing unauthorized access to sensitive campaign data. The platform's six CVEs highlight consistent security weaknesses in its web interface and API endpoints, with several instances enabling complete compromise of affected systems. These vulnerabilities typically arise from insufficient sanitization of user inputs and inadequate access controls, posing significant risks to organizations relying on the platform for customer communications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47612 | WordPress ClickWhale plugin <= 2.4.6 - Broken Access Control Vulnerability — ClickWhaleCWE-862 | 5.4 | Medium | 2025-05-07 |
| CVE-2025-26963 | WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — ClickWhaleCWE-352 | 5.4 | Medium | 2025-02-25 |
| CVE-2024-51715 | WordPress ClickWhale plugin <= 2.4.1 - SQL Injection vulnerability — ClickWhaleCWE-89 | 8.5 | High | 2025-01-07 |
This page lists every published CVE security advisory associated with clickwhale. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.