649 matches found
CVE-2024-9210
CVE-2024-9210 MC4WP: Mailchimp Top Bar (WordPress plugin) versions
WordPress MC4WP: Mailchimp Top Bar plugin <= 1.6.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MC4WP: Mailchimp Top Bar versions <= 1.6.0...
WordPress plugin MC4WP: Mailchimp Top Bar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin MC4WP: A cross-site scripting vulnerability exists in Mailchim...
WordPress MC4WP: Mailchimp Top Bar Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: MC4WP: Mailchimp Top Bar; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9210; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: c51682c76135; Credits: vgo0...
CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping o...
WordPress MailChimp for Wordpress plugin <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Jorge Diaz ddiax in WordPress Plugin MC4WP versions <= 4.9.16...
CVE-2024-8680
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8680
CVE-2024-8680 affects the MC4WP: Mailchimp for WordPress plugin for WordPress, vulnerable in all versions up to and including 4.9.16. The issue is a stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin settings, exploitable by authenticated...
CVE-2024-8680 MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin MailChimp for WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
CVE-2024-8850
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2024-8850
MC4WP: Mailchimp for WordPress (WordPress plugin) is affected by CVE-2024-8850 for versions 4.9.9–4.9.16, due to insufficient input sanitization and output escaping in the email parameter (with placeholders like {email}), enabling reflected XSS when a user clicks a crafted link. Unauthenticated a...
CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
PT-2024-39275 · WordPress · Mc4Wp: Mailchimp For Wordpress
Name of the Vulnerable Software and Affected Versions: MC4WP: Mailchimp for WordPress plugin for WordPress versions 4.9.9 through 4.9.16. Description: The issue is related to Reflected Cross-Site Scripting via the email parameter when a placeholder such as {email} is used for the field. This is due ...
WordPress Fluentform plugin <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Mailchimp Integration Modification vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions <= 5.1.18...
CVE-2024-5053
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...