Cross site request forgery (csrf)
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high-privilege users to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network for...
CVE-2022-2556 MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high-privilege users to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network for...
CVE-2022-2556
The CVE-2022-2556 issue affects the Mailchimp for WooCommerce WordPress plugin prior to 2.7.2. An authenticated AJAX action allows high-privilege users to make the server perform a POST to an internal LAN, and the request body is echoed in the response, enabling SSRF against private network resou...
CVE-2022-2267 MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged-in user, such as a subscriber, to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan priva...
CVE-2022-2267
The CVE-2022-2267 entry concerns the WordPress plugin Mailchimp for WooCommerce (versions prior to 2.7.1). A vulnerable AJAX action allows any logged-in user (e.g., subscribers) to make a server-side POST request to the internal network/LAN, with the request body echoed back in the response. This...
WordPress plugin Mailchimp for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2022-15618 · WordPress · Mailchimp For Woocommerce
Name of the Vulnerable Software and Affected Versions: Mailchimp for WooCommerce WordPress plugin versions prior to 2.7.1 Description: The issue allows any logged-in users, such as subscribers, to perform a POST request on behalf of the server to the internal network/LAN. The body of the request ...
PT-2022-17367 · WordPress · Mailchimp For Woocommerce
Name of the Vulnerable Software and Affected Versions: Mailchimp for WooCommerce WordPress plugin versions prior to 2.7.2 Description: The issue allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to t...
WordPress Mailchimp for WooCommerce plugin <= 2.7.1 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7.1. Solution: Update the WordPress MailChimp For WooCommerce plugin to the latest available version, at least 2.7.2...
WordPress Mailchimp for WooCommerce plugin <= 2.7 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7. Solution: Update the WordPress MailChimp For WooCommerce plugin to the latest available version, at least 2.7.1...
MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF
The plugin has an AJAX action that allows high-privilege users to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network, for example. PoC: As an admin:...
MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF
The plugin has an AJAX action that allows any logged-in user, such as a subscriber, to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network, for example. As any logged-in user:...
MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF
The plugin has an AJAX action that allows any logged-in user, such as a subscriber, to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network, for example. PoC: As any logged-in user:...
MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF
The plugin has an AJAX action that allows high-privilege users to perform a POST request on behalf of the server to the internal network/LAN; the body of the request is also appended to the response, so it can be used to scan the private network, for example. As an admin:...
WordPress plugin Metform information leakage vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. The WordPress plugin Metform is affected by an information disclosure vulnerability, which stems from...
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
Improper access control
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2022-1442
CVE-2022-1442 affects the WordPress Metform plugin up to version 2.1.3. The vulnerability stems from improper access control in the ~/core/forms/action.php file, allowing an unauthenticated attacker to view API keys and secrets for multiple integrated third‑party services (e.g., PayPal, Stripe, M...