Lucene search
K

649 matches found

Cvelist
Cvelist
added 2024/09/01 10:58 a.m.45 views

CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

4.2CVSS0.00402EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/01 10:58 a.m.11 views

CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

4.2CVSS6.6AI score0.00402EPSS
Exploits0References4
CVE
CVE
added 2024/09/01 10:58 a.m.79 views

CVE-2024-5053

CVE-2024-5053 affects the Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder on WordPress. Root cause is an insufficient capability check in verifyRequest, enabling Form Managers with Subscriber+ roles to modify the Mailchimp API key and potentially redirect int...

4.3CVSS4.7AI score0.00402EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/09/01 12:0 a.m.6 views

WordPress plugin Fluent Forms 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

4.3CVSS6.7AI score0.00402EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/01 12:0 a.m.5 views

PT-2024-34307 · Unknown · Fluent Forms

Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18 Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with a Subscriber-level access and above to modify the Mailchimp AP...

4.3CVSS6.7AI score0.00402EPSS
Exploits0References21
Patchstack
Patchstack
added 2024/08/09 11:3 a.m.6 views

WordPress MailChimp Subscribe Form plugin <= 4.0.9.7 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin MailChimp Subscribe Forms versions = 4.0.9.7...

5.9CVSS5.8AI score0.00325EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.12 views

WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.9 is vulnerable to Cross Site Scripting (XSS)

Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43211 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6921b6bb1b6 Credits Steven Julian Required...

5.9CVSS5.8AI score0.00325EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/07/20 7:15 a.m.4 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2024/07/20 7:15 a.m.40 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00378EPSS
Exploits0References3
OSV
OSV
added 2024/07/20 7:15 a.m.5 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

5.3CVSS5.8AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2024/07/20 7:15 a.m.37 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

5.3CVSS0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/20 6:43 a.m.11 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

5.3CVSS6.4AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/20 6:43 a.m.45 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

5.3CVSS0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/20 6:43 a.m.13 views

CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS6.4AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/20 6:43 a.m.42 views

CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.4 views

PT-2024-37663 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...

5.3CVSS6.5AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.6 views

PT-2024-37665 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the mailchimp api key manage function. This makes it...

4.3CVSS6.5AI score0.00378EPSS
Exploits0References8
OSV
OSV
added 2024/06/30 5:5 a.m.16 views

MAL-2024-7087 Malicious code in auth0-mailchimp-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c2f2ab30602da138b3668767294a045502dabcc11b0db0aa9c89dd18de4ab0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/30 5:5 a.m.3 views

Malicious code in auth0-mailchimp-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c2f2ab30602da138b3668767294a045502dabcc11b0db0aa9c89dd18de4ab0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Krebs on Security
Krebs on Security
added 2024/06/15 11:40 p.m.38 views

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI score
Exploits0
Rows per page
Query Builder