CVE-2025-12172 Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimpsfchangelistifnecessary function. This makes it possible for unauthenticated attacke...

CVE-2025-12172

CVE-2025-12172 affects the WordPress plugin Mailchimp List Subscribe Form (

WordPress Forms for Mailchimp by Optin Cat plugin <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Form Color Parameters vulnerability discovered by mike harris in WordPress Plugin Forms for Mailchimp by Optin Cat versions = 2.5.7...

PT-2024-38379 · WordPress · Forms For Mailchimp By Optin Cat

Name of the Vulnerable Software and Affected Versions: The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress versions up to, and including, 2.5.6 Description: The issue is related to Stored Cross-Site Scripting via the form color parameters due to insufficient input...