649 matches found
WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Import Users to MailChimp versions = 1.0...
WordPress plugin Import Users to MailChimp 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-5013 · Mailchimp · Import Users To Mailchimp
Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin MailChimp Subscribe Forms versions = 4.1...
WordPress Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability
Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...
CVE-2024-12157
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-12158
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...
CVE-2024-12158
CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...
CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2023-40203
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...
CVE-2023-40203
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...
CVE-2023-40203
CVE-2023-40203: WordPress MailChimp Forms by MailMunch
CVE-2023-40203 WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4...
WordPress plugin MailChimp Forms by MailMunch 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-12864 · Mailmunch · Mailchimp Forms By Mailmunch
Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions prior to 3.1.4 Description: The issue is related to a missing authorization vulnerability in MailChimp Forms by MailMunch, which allows the exploitation of incorrectly configured access control security...
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visu...
CVE-2024-8726
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-8726
CVE-2024-8726 : MailChimp Forms by MailMunch (WordPress) is vulnerable to Reflected Cross-Site Scripting due to improper escaping in URLs via add_query_arg in all versions up to and including 3.2.3. Unauthenticated attackers can inject scripts in pages that a user might trigger by clicking links,...