CVE-2024-35742

2024-06-1008:15:51

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-35742

missing authorization

code parrots easy forms

mailchimp

vulnerability

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.0%

JSON

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

Affected configurations

Vulners

NVD

Node

code_parrotseasy_forms_for_mailchimpRange≤6.9.0

CPENameOperatorVersion
codeparrots:easy_forms_for_mailchimpcodeparrots easy forms for mailchimple6.9.0

CPE	Name	Operator	Version
codeparrots:easy_forms_for_mailchimp	codeparrots easy forms for mailchimp	le	6.9.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yikes-inc-easy-mailchimp-extender",
    "product": "Easy Forms for Mailchimp",
    "vendor": "Code Parrots",
    "versions": [
      {
        "lessThanOrEqual": "6.9.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/yikes-inc-easy-mailchimp-extender/wordpress-easy-forms-for-mailchimp-plugin-6-9-0-broken-access-control-vulnerability?_s_id=cve