CVE-2022-2267
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged-in user, such as a subscriber, to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used to scan priva...
Cross-site request forgery (CSRF)
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged-in user, such as a subscriber, to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used to scan priva...
WordPress plugin Mailchimp for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2022-17367 · WordPress · Mailchimp For Woocommerce
Name of the Vulnerable Software and Affected Versions: Mailchimp for WooCommerce WordPress plugin versions prior to 2.7.2
Description: The issue allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to t...