649 matches found
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When the debug settings is enabled ie...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.1 Fixed in 4.0.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33328 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 713b44e2af64 Credits Rio...
WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Easy Forms for Mailchimp Type Plugin Vulnerable versions = 6.8.8 Fixed in 6.8.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23900 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID d4b18f8ce4ea Credits Rafie...
Why High Tech Companies Struggle with SaaS Security
It's easy to think high-tech companies have a security advantage over other older, more mature industries. Most are unburdened by 40 years of legacy systems and software. They draw some of the world's youngest, brightest digital natives to their ranks, all of whom consider cybersecurity issues...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection
Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.3 Fixed in 4.0.9.4 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-32517 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID c02b44f266ce Credits minhtuanact...
CVE-2023-1324
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324 Easy Forms for MailChimp < 6.8.8 - Reflected XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324 Easy Forms for MailChimp < 6.8.8 - Reflected XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324
The CVE-2023-1324 entry concerns the Easy Forms for Mailchimp WordPress plugin (versions prior to 6.8.8). The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of certain parameters before echoing them in responses, which could be exploited against hig...
PT-2023-16896 · WordPress · Easy Forms For Mailchimp
Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.8 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted in the...
WordPress plugin Easy Forms for Mailchimp 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yikesinc:easyformsformailchimp"; ifdescription...
CVE-2023-1325
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325
The CVE-2023-1325 issue affects the WordPress plugin Easy Forms for Mailchimp, with versions before 6.8.7. The root cause is insufficient validation and escaping of shortcode attributes, which are echoed back into pages/posts, enabling Stored XSS for users with contributor privileges and above. T...