Browse all 3 CVE security advisories affecting Ontraport. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Ontraport provides an all-in-one platform for small businesses to manage customer relationships, marketing automation, and sales processes. Historically, the platform has been susceptible to multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities have allowed attackers to execute arbitrary code, steal session cookies, and gain unauthorized administrative access. While no major public security incidents have been widely reported, the three documented CVEs highlight ongoing security challenges in its web application and API components. The platform's complex architecture, combining multiple business functions into a single system, creates a larger attack surface compared to more specialized solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58221 | WordPress PilotPress Plugin <= 2.0.36 - Broken Access Control Vulnerability — PilotPress (CWE-862) | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58238 | WordPress PilotPress Plugin <= 2.0.36 - Cross Site Scripting (XSS) Vulnerability — PilotPress (CWE-79) | 6.5 | Medium | 2025-09-22 |
| CVE-2017-1002010 | WordPress Membership Simplified SQL Injection Vulnerability — Membership Simplified | 9.8 | - | 2017-09-14 |
This page lists every published CVE security advisory associated with Ontraport. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.