649 matches found
WordPress plugin Nmedia MailChimp cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-14040 · Unknown · Nmedia Mailchimp
Name of the Vulnerable Software and Affected Versions: Nmedia MailChimp versions n/a through 5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means an attacker can inject malicio...
WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Nmedia MailChimp versions <= 5.4...
Security expert Troy Hunt hit by phishing attack
Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldest—and most proven—scams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunt’s chosen newsletter provider Mailchimp, scammers stole roughly...
12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding...
CVE-2024-13693
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may include sensitive...
PT-2025-7820 · WordPress · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold theme for WordPress versions up to, and including, 6.0.9 Description: The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export al...
CVE-2025-23675
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...
CVE-2022-3805
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...
CVE-2024-25095
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...
CVE-2024-49285
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Jeroen Berkvens SSV MailChimp ssv-mailchimp allows PHP Local File Inclusion. This issue affects SSV MailChimp: from n/a through <= 3.1.5...
CVE-2025-22727
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through <= 4.1...
CVE-2025-22727
CVE-2025-22727 is an authenticated Stored XSS vulnerability in MailChimp Subscribe Forms (WordPress) plugins, affecting versions up to 4.1. Public sources (Red Hat/Wordfence) indicate the issue has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) and that a patch has been issue...
CVE-2025-22727 WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through <= 4.1...
PT-2025-4652 · Unknown · Pluginops Mailchimp Subscribe Forms
Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions prior to 4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means an attacker can inject...
WordPress plugin MailChimp Subscribe Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-23675
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...
CVE-2025-23675
CVE-2025-23675 is a CSRF-to-Stored XSS issue in the WordPress plugin Import Users to MailChimp (SandyIN). Affected: Import Users to MailChimp plugin (WordPress). Root cause: CSRF enables stored XSS payload execution as described in the CVE entry and corroborated by Red Hat and Wordfence reference...
CVE-2025-23675 WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through <= 1.0...