CVE-2023-44024

CVE-2023-44024 describes an SQL injection in the KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) up to version 8.0.3. The flaw is exploitable via a crafted request to the updateCheckoutBehaviour function in supercheckout.php, enabling remote code execution with no auth...

WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Broken Access Control

Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1430c7736a5b Credits István Márton...

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

CVE-2023-23900 WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

CVE-2023-23900

CVE-2023-23900 — WordPress plugin YIKES, Easy Forms for Mailchimp : An unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability affects the plugin versions

CVE-2023-23900 WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...

WordPress plugin Easy Forms for Mailchimp Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Exploit for Missing Authorization in Wpmet Metform_Elementor_Contact_Form_Builder

CVE-2022-1442 WordPress Plugin Metform = 2.1.3 - Improper...

WordPress The Royal Elementor Addons Plugin < 1.3.71 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:royal-elementor-addons:royalelementoraddons"; if description...

WordPress Essential Addons for Elementor Plugin < 5.8.2 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

Code injection

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

CVE-2023-3779

The CVE-2023-3779 entry affects the WordPress plugin “Essential Addons for Elementor” (WPDeveloper) for WordPress, indicating that versions up to and including 5.8.1 disclose MailChimp API keys via source code added to pages using the MailChimp block. Root cause: unauthenticated disclosure of API...

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

CVE-2023-3779 Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

PT-2023-26109 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons For Elementor plugin for WordPress versions up to, and including, 5.8.1 Description: The issue allows unauthenticated attackers to obtain a site's MailChimp API key due to the plugin adding the API key to the source code ...

WordPress plugin Essential Addons For Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...