653 matches found
Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
CVE-2026-15000
The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2026-42523
The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-15000
The CVE-2026-15000 entry concerns the Connect Contact Form 7 and Mailchimp plugin for WordPress, showing a Stored Cross-Site Scripting vulnerability via Mailchimp Merge Field Values in all versions up to 0.9.78.06. The issue arises from insufficient input sanitization and output escaping, enablin...
CVE-2026-15000 Connect Contact Form 7 and Mailchimp <= 0.9.78.06 - Unauthenticated Stored Cross-Site Scripting via Mailchimp Merge Field Values
The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-56063
Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...
CVE-2026-56063 WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...
EUVD-2026-39717
Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...
CVE-2026-56063
The CVE-2026-56063 entry documents an Unauthenticated Broken Access Control vulnerability in the WordPress plugin MailChimp Block up to version 1.1.15 . The affected component is the plugin’s access control logic, with impact described as compromising confidentiality, integrity, and availability ...
CVE-2026-49765
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
EUVD-2026-36889
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
CVE-2026-49765
The CVE-2026-49765 entry concerns the WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin (versions <= 1.1.8). The connected sources confirm unauthenticated PHP Object Injection as the vulnerability, with a CVSS 3.1 base score of 9.8 (CRITICAL) and im...
PT-2026-49513
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
CVE-2026-8868
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.8...
CVE-2026-8868
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
CVE-2026-8868 Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
EUVD-2026-32056
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
CVE-2026-8868
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...