3 matches found
CVE-2023-1325
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325
The CVE-2023-1325 issue affects the WordPress plugin Easy Forms for Mailchimp, with versions before 6.8.7. The root cause is insufficient validation and escaping of shortcode attributes, which are echoed back into pages/posts, enabling Stored XSS for users with contributor privileges and above. T...
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 is vulnerable to Cross Site Scripting (XSS)
Software Easy Forms for Mailchimp Type Plugin Vulnerable versions 6.8.7 Fixed in 6.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1325 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bd41da1d02a4 Credits Erwan LR...