Creative Mail
0 remedies
cpe:2.3:a:constantcontact:creative_mail:*:*:*:*:wordpress:*:*
0 remedies
- <= 1.6.9
Creative Mail WordPress Plugin SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin, affecting all versions through 1.6.9. The vulnerability arises from inadequate escaping of the 'checkout_uuid' parameter in the 'has_checkout_consent()' method, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to unauthorized access to sensitive database information.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to extract or potentially modify sensitive information.
Reproduction
To reproduce this vulnerability, send a request to a WordPress site with the Creative Mail plugin active, including the 'checkout_uuid' parameter. The 'has_checkout_consent()' method will process the request without properly sanitizing the input, allowing for SQL injection.
Remediation
No patch is currently available. Users are advised to uninstall the affected plugin and consider a replacement.
Added: May 20, 2026, 3:02 AM
Updated: May 20, 2026, 3:02 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
2.5exploitability
9.3remediation
0.0relevance
8.9threat
4.8urgency
2.9incentive
8.3Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.