GCVE - cpe:2.3:a:alexacrm:dynamics_365_integration:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alexacrm:dynamics_365_integration:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Alexacrm (`6b06e65c-5279-597e-847f-55d4e9bc50b5`)
Product	Dynamics 365 Integration (`fcffd90a-671b-5f90-bb5f-5185b0acce26`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-34550`	vulnerable	2026-06-08 06:37:33.463805	WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability MEDIUM (5.3) Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17. Published: 2024-05-09T12:10:57.441Z Updated: 2026-04-28T16:09:49.261Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/integration-dynamics/wordpress-dynamics-365-integration-plugin-1-3-17-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12583`	vulnerable	2026-06-08 06:25:35.588222	Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection CRITICAL (9.9) The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Published: 2025-01-04T08:22:51.633Z Updated: 2026-04-08T17:03:18.814Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3dac5a-9ff8-4e8c-8c73-422123e121d8?source=cve https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53 https://plugins.trac.wordpress.org/changeset/3210927/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-29422`	vulnerable	2026-06-08 06:02:40.169788	WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13. Published: 2024-12-09T11:31:10.411Z Updated: 2026-04-28T16:08:17.888Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-13-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28417`	vulnerable	2026-06-08 06:01:10.711891	WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability MEDIUM (5.4) Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12. Published: 2024-12-09T11:31:17.827Z Updated: 2026-04-28T16:08:15.506Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/plugin/integration-dynamics/vulnerability/wordpress-dynamics-365-integration-plugin-1-3-12-broken-access-control?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.