48 matches found
CVE-2026-8868
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
CVE-2026-8868 Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
PT-2026-43516
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions = 1.4...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781
CVE-2026-1781 affects the MC4WP: Mailchimp for WordPress plugin for WordPress; vulnerable in all versions up to 4.11.1 due to missing authorization in the form handling, where the plugin trusts the publicly exposed _mc4wp_action POST parameter. This allows unauthenticated attackers to force unsub...
WordPress plugin MC4WP: Mailchimp for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-12172
The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimpsfchangelistifnecessary function. This makes it possible for unauthenticated attacke...
PT-2026-20580
Name of the Vulnerable Software and Affected Versions Mailchimp List Subscribe Form versions prior to 2.0.1 Description The Mailchimp List Subscribe Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by inadequate nonce validation within the mailchimp sf change...
CVE-2017-18577
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of addqueryarg...
EUVD-2017-9693
Malware in sbrugna...
EUVD-2022-34542
Malicious code in bioql PyPI...
EUVD-2023-54761
Malicious code in bioql PyPI...
EUVD-2024-49434
Malicious code in bioql PyPI...
EUVD-2023-27983
Malicious code in bioql PyPI...
EUVD-2023-51656
Malicious code in bioql PyPI...
EUVD-2022-34810
Malicious code in bioql PyPI...
EUVD-2023-23581
Malicious code in bioql PyPI...
CVE-2025-10735
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...
CVE-2025-10735
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...