649 matches found
yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
GHSA-837V-6VGX-JQCC yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
CVE-2021-4244
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
CVE-2021-4244
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
PT-2022-11596 · WordPress · Yikes-Inc-Easy-Mailchimp-Extender
Name of the Vulnerable Software and Affected Versions: yikes-inc-easy-mailchimp-extender Plugin versions up to 6.8.5 Description: A vulnerability has been found in the yikes-inc-easy-mailchimp-extender Plugin, affecting an unknown part of the file admin/partials/ajax/add field to form.php. The...
WordPress plugin Easy Forms for MailChimp 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2021-4244 yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
CVE-2021-4244
CVE-2021-4244 affects the yikes-inc-easy-mailchimp-extender WordPress plugin up to version 6.8.5. The vulnerability resides in admin/partials/ajax/add_field_to_form.php where manipulation of the arguments field_name, merge_tag, field_type, or list_id enables cross-site scripting. It can be exploi...
Twilio Reveals Another Breach from the Same Hackers Behind the August Hack
Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the...
Malicious code in mailchimp-marketing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ced47308d68b882837e9c6afc3c2cbcf79aae808a317512ebe2c0ed576c0af5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4453 Malicious code in mailchimp-marketing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ced47308d68b882837e9c6afc3c2cbcf79aae808a317512ebe2c0ed576c0af5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Mailchimp for WooCommerce Plugin < 2.7.2 SSRF Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Mailchimp for WooCommerce Plugin < 2.7.1 SSRF Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-2267
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...
CVE-2022-2556
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...
CVE-2022-2267
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...
CVE-2022-2267
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...
CVE-2022-2556
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...
CVE-2022-2556
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...
Cross site request forgery (csrf)
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...