CVE-2021-24985

🗓️ 24 Jan 2022 08:01:04Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 allows Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-24985	24 Jan 202212:17	–	circl
CNNVD	WordPress plugin 跨站脚本漏洞	24 Jan 202200:00	–	cnnvd
CNVD	WordPress Easy Forms for Mailchimp plugin cross-site scripting vulnerability	26 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting	24 Jan 202208:01	–	cvelist
EUVD	EUVD-2021-11897	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24985	24 Jan 202208:15	–	nvd
OpenVAS	WordPress Easy Forms for Mailchimp Plugin < 6.8.6 XSS Vulnerability	26 Jan 202200:00	–	openvas
Patchstack	WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability	21 Dec 202100:00	–	patchstack
Prion	Cross site scripting	24 Jan 202208:15	–	prion
RedhatCVE	CVE-2021-24985	22 May 202519:24	–	redhatcve

NVD

Vulners

Node

yikesinc easy_forms_for_mailchimpRange<6.8.6wordpress

[
  {
    "product": "Easy Forms for Mailchimp",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "6.8.6",
        "status": "affected",
        "version": "6.8.6",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2646017
wpscan	www.wpscan.com/vulnerability/50be0ebf-fe6d-41e5-8af9-0d74f33aeb57

Parameter	Position	Path	Description	CWE
field_name	request body	/wp-admin/admin-ajax.php	Reflected XSS via unsanitised field_name and field_type in admin-ajax form submission	CWE-79
field_type	request body	/wp-admin/admin-ajax.php	Reflected XSS via unsanitised field_name and field_type in admin-ajax form submission	CWE-79

21 Nov 2024 05:54Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.00354

CWE-79