Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Dynamics 365 Integration by AlexaCRM

    CVE-2024-12583 (GCVE-0-2024-12583)

    Vulnerability from nvd – Published: 2025-01-04 08:22 – Updated: 2026-04-08 17:03
    VLAI
    Title
    Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
    Summary
    The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
    Assigner
    Impacted products
    Vendor Product Version
    alexacrm Dynamics 365 Integration Affected: 0 , ≤ 1.3.23 (semver)
    Create a notification for this product.
    Credits
    Peter Thaleikis
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12583",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:18:46.655922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T16:34:41.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dynamics 365 Integration",
              "vendor": "alexacrm",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.23",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Peter Thaleikis"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:03:18.814Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3dac5a-9ff8-4e8c-8c73-422123e121d8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3210927/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-03T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Dynamics 365 Integration \u003c= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-12583",
        "datePublished": "2025-01-04T08:22:51.633Z",
        "dateReserved": "2024-12-12T17:26:16.839Z",
        "dateUpdated": "2026-04-08T17:03:18.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-29422 (GCVE-0-2023-29422)

    Vulnerability from nvd – Published: 2024-12-09 11:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.13 (custom)
    Create a notification for this product.
    Credits
    minhtuanact (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T13:29:29.161003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T18:45:24.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.13",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "minhtuanact (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.13.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:17.888Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-13-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.14)."
                }
              ],
              "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.14)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.13 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-29422",
        "datePublished": "2024-12-09T11:31:10.411Z",
        "dateReserved": "2023-04-06T08:15:32.682Z",
        "dateUpdated": "2026-04-28T16:08:17.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-28417 (GCVE-0-2023-28417)

    Vulnerability from nvd – Published: 2024-12-09 11:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.12 (custom)
    Create a notification for this product.
    Credits
    István Márton (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T13:29:19.342875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T18:44:39.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.12",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.12.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:15.506Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-12-broken-access-control?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.13)."
                }
              ],
              "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.13)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.12 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-28417",
        "datePublished": "2024-12-09T11:31:17.827Z",
        "dateReserved": "2023-03-15T12:35:19.371Z",
        "dateUpdated": "2026-04-28T16:08:15.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34550 (GCVE-0-2024-34550)

    Vulnerability from nvd – Published: 2024-05-09 12:10 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability
    Summary
    Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.17 (custom)
    Create a notification for this product.
    Credits
    Joshua Chan (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T15:14:56.234528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:59.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:20.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.17",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joshua Chan (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.17.\u003c/p\u003e"
                }
              ],
              "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:49.261Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.3.18 or a higher version."
                }
              ],
              "value": "Update to 1.3.18 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.17 - Sensitive Data Exposure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-34550",
        "datePublished": "2024-05-09T12:10:57.441Z",
        "dateReserved": "2024-05-06T19:20:58.335Z",
        "dateUpdated": "2026-04-28T16:09:49.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12583 (GCVE-0-2024-12583)

    Vulnerability from cvelistv5 – Published: 2025-01-04 08:22 – Updated: 2026-04-08 17:03
    VLAI
    Title
    Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
    Summary
    The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
    Assigner
    Impacted products
    Vendor Product Version
    alexacrm Dynamics 365 Integration Affected: 0 , ≤ 1.3.23 (semver)
    Create a notification for this product.
    Credits
    Peter Thaleikis
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12583",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:18:46.655922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T16:34:41.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dynamics 365 Integration",
              "vendor": "alexacrm",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.23",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Peter Thaleikis"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:03:18.814Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3dac5a-9ff8-4e8c-8c73-422123e121d8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3210927/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-03T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Dynamics 365 Integration \u003c= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-12583",
        "datePublished": "2025-01-04T08:22:51.633Z",
        "dateReserved": "2024-12-12T17:26:16.839Z",
        "dateUpdated": "2026-04-08T17:03:18.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-28417 (GCVE-0-2023-28417)

    Vulnerability from cvelistv5 – Published: 2024-12-09 11:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.12 (custom)
    Create a notification for this product.
    Credits
    István Márton (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T13:29:19.342875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T18:44:39.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.12",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.12.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:15.506Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-12-broken-access-control?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.13)."
                }
              ],
              "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.13)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.12 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-28417",
        "datePublished": "2024-12-09T11:31:17.827Z",
        "dateReserved": "2023-03-15T12:35:19.371Z",
        "dateUpdated": "2026-04-28T16:08:15.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-29422 (GCVE-0-2023-29422)

    Vulnerability from cvelistv5 – Published: 2024-12-09 11:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.13 (custom)
    Create a notification for this product.
    Credits
    minhtuanact (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T13:29:29.161003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T18:45:24.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.13",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "minhtuanact (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.13.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:17.888Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-13-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.14)."
                }
              ],
              "value": "Update the WordPress Dynamics 365 Integration plugin to the latest available version (at least 1.3.14)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.13 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-29422",
        "datePublished": "2024-12-09T11:31:10.411Z",
        "dateReserved": "2023-04-06T08:15:32.682Z",
        "dateUpdated": "2026-04-28T16:08:17.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34550 (GCVE-0-2024-34550)

    Vulnerability from cvelistv5 – Published: 2024-05-09 12:10 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability
    Summary
    Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    AlexaCRM Dynamics 365 Integration Affected: n/a , ≤ 1.3.17 (custom)
    Create a notification for this product.
    Credits
    Joshua Chan (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T15:14:56.234528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:59.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:20.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "integration-dynamics",
              "product": "Dynamics 365 Integration",
              "vendor": "AlexaCRM",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.17",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joshua Chan (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.\u003cp\u003eThis issue affects Dynamics 365 Integration: from n/a through 1.3.17.\u003c/p\u003e"
                }
              ],
              "value": "Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:49.261Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.3.18 or a higher version."
                }
              ],
              "value": "Update to 1.3.18 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Dynamics 365 Integration plugin \u003c= 1.3.17 - Sensitive Data Exposure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-34550",
        "datePublished": "2024-05-09T12:10:57.441Z",
        "dateReserved": "2024-05-06T19:20:58.335Z",
        "dateUpdated": "2026-04-28T16:09:49.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }