649 matches found

Patchstack
added 2025/01/16 6:42 p.m. · 3 views

WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Import Users to MailChimp versions <= 1.0...

CVSS 7.1 · AI score 6.2 · EPSS 0.0017
Exploits: 0 · Affected Software: 1

CNNVD
added 2025/01/16 12:00 a.m. · 2 views

WordPress plugin Import Users to MailChimp cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 7.1 · AI score 8.1 · EPSS 0.0017
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/16 12:00 a.m. · 7 views

PT-2025-5013 · Mailchimp · Import Users To Mailchimp

Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...

CVSS 7.1 · AI score 9.3 · EPSS 0.0017
Exploits: 0 · References: 3

Patchstack
added 2025/01/15 10:40 a.m. · 6 views

WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin MailChimp Subscribe Forms versions <= 4.1...

CVSS 6.5 · AI score 6.1 · EPSS 0.00225
Exploits: 0 · Affected Software: 1

Patchstack
added 2025/01/07 7:14 a.m. · 7 views

WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability

Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions <= 3.2.6...

CVSS 5.3 · AI score 7 · EPSS 0.00324
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/01/07 5:15 a.m. · 7 views

CVE-2024-12157

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · EPSS 0.0096
Exploits: 0 · References: 2

NVD
added 2025/01/07 5:15 a.m. · 7 views

CVE-2024-12158

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

CVSS 5.3 · EPSS 0.00324
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/07 4:22 a.m. · 6 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 6.8 · EPSS 0.00324
Exploits: 0 · References: 2

Cvelist
added 2025/01/07 4:22 a.m. · 17 views

CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

CVSS 5.3 · EPSS 0.00324
Exploits: 0 · References: 2

CVE
added 2025/01/07 4:22 a.m. · 44 views

CVE-2024-12158

CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...

CVSS 5.3 · AI score 5.2 · EPSS 0.00324
Exploits: 0 · References: 2

Cvelist
added 2025/01/07 4:21 a.m. · 253 views

CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · EPSS 0.0096
Exploits: 0 · References: 2

OSV
added 2024/12/13 3:15 p.m. · 4 views

CVE-2023-40203

Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...

CVSS 8.8 · AI score 5.8 · EPSS 0.0056
Exploits: 0 · References: 1

NVD
added 2024/12/13 3:15 p.m. · 12 views

CVE-2023-40203

Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...

CVSS 8.8 · EPSS 0.0056
Exploits: 0 · References: 1

CVE
added 2024/12/13 2:24 p.m. · 49 views

CVE-2023-40203

CVE-2023-40203: WordPress MailChimp Forms by MailMunch

CVSS 8.8 · AI score 8.5 · EPSS 0.0056
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/12/13 2:24 p.m. · 20 views

CVE-2023-40203 WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control

Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...

CVSS 4.3 · EPSS 0.0056
Exploits: 0 · References: 1

CNNVD
added 2024/12/13 12:00 a.m. · 4 views

WordPress plugin MailChimp Forms by MailMunch security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 8.6 · EPSS 0.0056
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/13 12:00 a.m. · 5 views

PT-2024-12864 · Mailmunch · Mailchimp Forms By Mailmunch

Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions prior to 3.1.4
Description: The issue is related to a missing authorization vulnerability in MailChimp Forms by MailMunch, which allows the exploitation of incorrectly configured access control security...

CVSS 8.8 · AI score 9.4 · EPSS 0.0056
Exploits: 0 · References: 4

Krebs on Security
added 2024/11/21 8:13 p.m. · 17 views

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visu...

AI score 7.6
Exploits: 0

OSV
added 2024/11/20 7:15 a.m. · 6 views

CVE-2024-8726

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 7.5 · EPSS 0.00309
Exploits: 0 · References: 2

CVE
added 2024/11/20 6:42 a.m. · 47 views

CVE-2024-8726

CVE-2024-8726: MailChimp Forms by MailMunch (WordPress) is vulnerable to Reflected Cross-Site Scripting due to improper escaping in URLs via add_query_arg in all versions up to and including 3.2.3. Unauthenticated attackers can inject scripts in pages that a user might trigger by clicking links,...

CVSS 6.1 · AI score 6.4 · EPSS 0.00309
Exploits: 0 · References: 2 · Affected Software: 1