CVE-2026-23693

ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose an unauthenticated REST endpoint at /wp-json/elementskit/v1/widget/mailchimp/subscribe. The endpoint accepts client-supplied Mailchimp credentials and inadequately validates parameters (including the list) when co...

CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

CVE-2025-12172 Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimpsfchangelistifnecessary function. This makes it possible for unauthenticated attacke...

EUVD-2023-37491

Malicious code in bioql PyPI...

EUVD-2025-2946

Malicious code in bioql PyPI...

EUVD-2024-40652

Malicious code in bioql PyPI...

EUVD-2023-36761

Malicious code in bioql PyPI...

CVE-2025-22727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through = 4.1...

CVE-2024-43211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9...

CVE-2023-32517

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3...

CVE-2025-22727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through = 4.1...

CVE-2025-22727 WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through = 4.1...

WordPress plugin MailChimp Subscribe Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-43211 WordPress MailChimp Subscribe Form plugin <=4.0.9.9 - Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9...

CVE-2024-43211

CVE-2024-43211 is a Stored XSS vulnerability in the WordPress plugin MailChimp Subscribe Forms (versions up to and including 4.0.9.9; affected versions are listed as n/a through 4.0.9.9). The issue stems from improper neutralization of input during web page generation. Impact is described as cros...

PT-2024-30374 · Pluginops · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress plugin MailChimp Subscribe Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress MailChimp Subscribe Form plugin <= 4.0.9.7 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin MailChimp Subscribe Forms versions = 4.0.9.7...

WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.9 is vulnerable to Cross Site Scripting (XSS)

Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43211 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6921b6bb1b6 Credits Steven Julian Required...

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3...