
649 matches found

Github Security Blog
added 2022/12/12 3:30 p.m. · 25 views

yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It...

CVSS 6.1 · AI score 4 · EPSS 0.00545
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/12/12 3:30 p.m. · 20 views

GHSA-837V-6VGX-JQCC yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It...

CVSS 6.1 · AI score 4.7 · EPSS 0.00545
Exploits 0 · References 6
NVD
added 2022/12/12 2:15 p.m. · 23 views

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It...

CVSS 6.1 · EPSS 0.00545
Exploits 0 · References 4
OSV
added 2022/12/12 2:15 p.m. · 20 views

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It...

CVSS 6.1 · AI score 6
Exploits 0 · References 4
Positive Technologies
added 2022/12/12 12:00 a.m. · 6 views

PT-2022-11596 · WordPress · Yikes-Inc-Easy-Mailchimp-Extender

Name of the Vulnerable Software and Affected Versions: yikes-inc-easy-mailchimp-extender Plugin versions up to 6.8.5. Description: A vulnerability has been found in the yikes-inc-easy-mailchimp-extender Plugin, affecting an unknown part of the file admin/partials/ajax/add_field_to_form.php. The...

CVSS 6.1 · AI score 5.8 · EPSS 0.00545
Exploits 0 · References 9
CNNVD
added 2022/12/12 12:00 a.m. · 3 views

WordPress plugin Easy Forms for MailChimp cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.1 · AI score 5.5 · EPSS 0.00545
Exploits 0 · References 5
Vulnrichment
added 2022/12/12 12:00 a.m. · 11 views

CVE-2021-4244 yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It...

CVSS 2.6 · AI score 6.2 · EPSS 0.00545
Exploits 0 · References 4
CVE
added 2022/12/12 12:00 a.m. · 85 views

CVE-2021-4244

CVE-2021-4244 affects the yikes-inc-easy-mailchimp-extender WordPress plugin up to version 6.8.5. The vulnerability resides in admin/partials/ajax/add_field_to_form.php where manipulation of the arguments field_name, merge_tag, field_type, or list_id enables cross-site scripting. It can be exploi...

CVSS 6.1 · AI score 4.7 · EPSS 0.00545
Exploits 0 · References 4 · Affected Software 1
The Hacker News
added 2022/10/29 10:25 a.m. · 50 views

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the...

AI score 1.6
Exploits 0
OSSF Malicious Packages
added 2022/10/28 6:53 p.m. · 3 views

Malicious code in mailchimp-marketing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ced47308d68b882837e9c6afc3c2cbcf79aae808a317512ebe2c0ed576c0af5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2022/10/28 6:53 p.m. · 4 views

MAL-2022-4453 Malicious code in mailchimp-marketing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ced47308d68b882837e9c6afc3c2cbcf79aae808a317512ebe2c0ed576c0af5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OpenVAS
added 2022/10/04 12:00 a.m. · 17 views

WordPress Mailchimp for WooCommerce Plugin < 2.7.2 SSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 2.7 · AI score 3.9 · EPSS 0.00632
Exploits 2 · References 1
OpenVAS
added 2022/10/04 12:00 a.m. · 11 views

WordPress Mailchimp for WooCommerce Plugin < 2.7.1 SSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 4.3 · AI score 4.8 · EPSS 0.00585
Exploits 2 · References 1
OSV
added 2022/08/29 6:15 p.m. · 4 views

CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

CVSS 4.3 · AI score 5.8 · EPSS 0.00585
Exploits 2 · References 1
OSV
added 2022/08/29 6:15 p.m. · 4 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 2.7 · AI score 5.8 · EPSS 0.00632
Exploits 2 · References 1
ATTACKERKB
added 2022/08/29 6:15 p.m. · 2 views

CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

CVSS 4.3 · AI score 5.9 · EPSS 0.00585
Exploits 2 · References 2
NVD
added 2022/08/29 6:15 p.m. · 18 views

CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

CVSS 4.3 · EPSS 0.00585
Exploits 2 · References 1
ATTACKERKB
added 2022/08/29 6:15 p.m. · 7 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 2.7 · AI score 5.9 · EPSS 0.00632
Exploits 2 · References 2
NVD
added 2022/08/29 6:15 p.m. · 28 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 2.7 · EPSS 0.00632
Exploits 2 · References 1
Prion
added 2022/08/29 6:15 p.m. · 20 views

Cross site request forgery (csrf)

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 3.3 · AI score 3.8 · EPSS 0.00632
Exploits 2 · References 1 · Affected Software 1