
649 matches found

RedhatCVE
added 2025/05/23 7:18 a.m. | 5 views

CVE-2024-8680

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 5.7 | EPSS 0.00529
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:38 a.m. | 10 views

CVE-2024-43211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.9...

CVSS 5.9 | AI score 6.7 | EPSS 0.00325
Exploits: 0

RedhatCVE
added 2025/05/23 5:48 a.m. | 7 views

CVE-2023-40203

Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...

CVSS 8.8 | AI score 8.5 | EPSS 0.0056
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:15 a.m. | 6 views

CVE-2023-47545

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin = 2.5.4 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00382
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:2 a.m. | 6 views

CVE-2023-45748

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00214
Exploits: 0

RedhatCVE
added 2025/05/23 4:56 a.m. | 8 views

CVE-2023-33328

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PluginOps MailChimp Subscribe Form plugin = 4.0.9.1 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00369
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:10 a.m. | 10 views

CVE-2023-32517

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3...

CVSS 6.1 | AI score 7 | EPSS 0.00351
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:5 a.m. | 6 views

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

CVSS 5.3 | AI score 6.9 | EPSS 0.00487
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:58 a.m. | 11 views

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVSS 5.4 | AI score 5.5 | EPSS 0.00529
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 2:53 a.m. | 7 views

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00559
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 2:31 a.m. | 12 views

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its form parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS 4.8 | AI score 5.7 | EPSS 0.00444
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:28 a.m. | 8 views

CVE-2023-3709

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 6.9 | EPSS 0.00579
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:6 a.m. | 7 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 2.7 | AI score 6.5 | EPSS 0.00632
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:54 p.m. | 8 views

CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

CVSS 4.3 | AI score 6.7 | EPSS 0.00585
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 7:24 p.m. | 9 views

CVE-2021-24985

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 | AI score 6.1 | EPSS 0.01109
Exploits: 2 | References: 1

RedhatCVE
added 2025/04/03 10:10 a.m. | 7 views

CVE-2025-30613

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 | AI score 7.2 | EPSS 0.00249
Exploits: 0 | References: 1

NVD
added 2025/04/01 6:15 a.m. | 13 views

CVE-2025-30613

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 | EPSS 0.00249
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 5:31 a.m. | 13 views

CVE-2025-30613 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 | EPSS 0.00249
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/01 5:31 a.m. | 7 views

CVE-2025-30613 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 | AI score 7.3 | EPSS 0.00249
Exploits: 0 | References: 1

CVE
added 2025/04/01 5:31 a.m. | 49 views

CVE-2025-30613

CVE-2025-30613 is a Stored XSS in N-Media MailChimp Subscription (Nmedia MailChimp) affecting versions up to 5.4; root cause: improper input neutralization during web page generation. CVSS 3.1 base 6.5 (NETWORK, LOW=AV, UI:R). No remediation details or exploitation status provided in the documents.

CVSS 6.5 | AI score 7.2 | EPSS 0.00249
Exploits: 0 | References: 1