Lucene search

649 matches found

CNNVD
added 2025/04/01 12:0 a.m. · 2 views

WordPress plugin Nmedia MailChimp cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 7.9 AI score · 0.00249 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/01 12:0 a.m. · 4 views

PT-2025-14040 · Unknown · Nmedia Mailchimp

Name of the Vulnerable Software and Affected Versions: Nmedia MailChimp versions n/a through 5.4
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means an attacker can inject malicio...

6.5 CVSS · 8.9 AI score · 0.00249 EPSS
Exploits 0 · References 3

Patchstack
added 2025/03/27 9:32 p.m. · 4 views

WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Nmedia MailChimp versions <= 5.4...

6.5 CVSS · 6.2 AI score · 0.00249 EPSS
Exploits 0 · Affected Software 1

Malwarebytes
added 2025/03/26 9:3 p.m. · 14 views

Security expert Troy Hunt hit by phishing attack

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldest—and most proven—scams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunt’s chosen newsletter provider Mailchimp, scammers stole roughly...

7.1 AI score
Exploits 0

The Hacker News
added 2025/02/28 10:24 a.m. · 25 views

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding...

7.1 AI score
Exploits 0

OSV
added 2025/02/25 10:15 a.m. · 4 views

CVE-2024-13693

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may include sensitive...

5.3 CVSS · 5.8 AI score · 0.00307 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/02/25 12:0 a.m. · 5 views

PT-2025-7820 · WordPress · Enfold

Name of the Vulnerable Software and Affected Versions: Enfold theme for WordPress versions up to, and including, 6.0.9
Description: The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export al...

5.3 CVSS · 9.4 AI score · 0.00307 EPSS
Exploits 0 · References 9

RedhatCVE
added 2025/02/06 2:36 a.m. · 6 views

CVE-2025-23675

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...

7.1 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 12:47 a.m. · 12 views

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6 CVSS · 6.7 AI score · 0.01594 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 1:8 p.m. · 13 views

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

7.5 CVSS · 6.9 AI score · 0.00421 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:44 a.m. · 7 views

CVE-2024-49285

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV MailChimp ssv-mailchimp allows PHP Local File Inclusion. This issue affects SSV MailChimp: from n/a through <= 3.1.5...

7.5 CVSS · 5.9 AI score · 0.0051 EPSS
Exploits 0 · References 1

NVD
added 2025/01/21 2:15 p.m. · 16 views

CVE-2025-22727

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through <= 4.1...

6.5 CVSS · 0.00225 EPSS
Exploits 0 · References 1

CVE
added 2025/01/21 1:57 p.m. · 61 views

CVE-2025-22727

CVE-2025-22727 is an authenticated Stored XSS vulnerability in MailChimp Subscribe Forms (WordPress) plugins, affecting versions up to 4.1. Public sources (Red Hat/Wordfence) indicate the issue has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) and that a patch has been issue...

6.5 CVSS · 7.2 AI score · 0.00225 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/21 1:57 p.m. · 21 views

CVE-2025-22727 WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through <= 4.1...

6.5 CVSS · 0.00225 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/21 12:0 a.m. · 6 views

PT-2025-4652 · Unknown · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions prior to 4.1
Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means an attacker can inject...

6.5 CVSS · 9.1 AI score · 0.00225 EPSS
Exploits 0 · References 5

CNNVD
added 2025/01/21 12:0 a.m. · 5 views

WordPress plugin MailChimp Subscribe Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 7.7 AI score · 0.00225 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2025/01/16 8:15 p.m. · 4 views

CVE-2025-23675

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...

7.1 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 3

NVD
added 2025/01/16 8:15 p.m. · 15 views

CVE-2025-23675

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...

7.1 CVSS · 0.0017 EPSS
Exploits 0 · References 1

CVE
added 2025/01/16 8:6 p.m. · 48 views

CVE-2025-23675

CVE-2025-23675 is a CSRF-to-Stored XSS issue in the WordPress plugin Import Users to MailChimp (SandyIN). Affected: Import Users to MailChimp plugin (WordPress). Root cause: CSRF enables stored XSS payload execution as described in the CVE entry and corroborated by Red Hat and Wordfence reference...

7.1 CVSS · 7.2 AI score · 0.0017 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/16 8:6 p.m. · 20 views

CVE-2025-23675 WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...

7.1 CVSS · 0.0017 EPSS
Exploits 0 · References 1