WordPress Plugin Easy Forms for Mailchimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Easy Forms for Mailchimp Plugin < 6.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions 6.8.8 Fixed in 6.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1324 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c14e208dddfc Credits Erwan LR WPScan...

WordPress Easy Forms for Mailchimp Plugin < 6.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions 6.8.7 Fixed in 6.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1325 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bd41da1d02a4 Credits Erwan LR...

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the following code this requires the attacker...

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the following code this requires the attacker to...

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcodes i...

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below shortcod...

WordPress plugin Easy Forms for Mailchimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a form and put the following payload i...

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Edit a form and put the following paylo...

Mailchimp breach feels like deja vu

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On January 11, the Mailchimp Security team identified an unauthorized actor...

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp...

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp...

Why Do User Permissions Matter for SaaS Security?

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp'...

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

Authorization

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

PT-2022-24175

Name of the Vulnerable Software and Affected Versions Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.5.6 Description The issue allows unauthenticated users to bypass authorization and update plugin settings, including the MailChimp API key, global styles, 404 page setting...

WordPress plugin Jeg Elementor Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...