649 matches found
CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...
CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...
CVE-2024-5053
CVE-2024-5053 affects the Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder on WordPress. Root cause is an insufficient capability check in verifyRequest, enabling Form Managers with Subscriber+ roles to modify the Mailchimp API key and potentially redirect int...
WordPress plugin Fluent Forms 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
PT-2024-34307 · Unknown · Fluent Forms
Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18 Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with a Subscriber-level access and above to modify the Mailchimp AP...
WordPress MailChimp Subscribe Form plugin <= 4.0.9.7 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin MailChimp Subscribe Forms versions = 4.0.9.7...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.9 is vulnerable to Cross Site Scripting (XSS)
Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43211 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6921b6bb1b6 Credits Steven Julian Required...
CVE-2024-6491
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6491
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6489
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6489
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-37663 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...
PT-2024-37665 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the mailchimp api key manage function. This makes it...
MAL-2024-7087 Malicious code in auth0-mailchimp-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c2f2ab30602da138b3668767294a045502dabcc11b0db0aa9c89dd18de4ab0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in auth0-mailchimp-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c2f2ab30602da138b3668767294a045502dabcc11b0db0aa9c89dd18de4ab0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...