649 matches found
CVE-2022-1442
CVE-2022-1442 affects the WordPress Metform plugin up to version 2.1.3. The vulnerability stems from improper access control in the ~/core/forms/action.php file, allowing an unauthenticated attacker to view API keys and secrets for multiple integrated third‑party services (e.g., PayPal, Stripe, M...
PT-2022-13893
Name of the Vulnerable Software and Affected Versions: Metform WordPress plugin versions up to and including 2.1.3. Description: The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file. This can be exploited by ...
WordPress plugin Metform security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Metform is vulnerable to an information disclosure vulnerability, which stems from...
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. Put the following payload in any of the Mailchimp integration settings...
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: Put the following payload in any of the Mailchimp integration settings...
Server-side Request Forgery (SSRF)
Overview: gibbon is a wrapper for MailChimp API 3.0 and Export API. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF): due to the concatenation of domains, it's possible to spoof the information and change the root domain via a crafted URL. Remediation: Upgrade gibb...
Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure
The plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file, which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs such as PayPal, Stripe, Mailchimp, Hubspot, HelpScout,...
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial...
WordPress Featured Images in RSS for Mailchimp & More plugin < 1.5.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Featured Images in RSS for Mailchimp & More plugin (versions < 1.5.9). Solution: Update the WordPress Featured Images in RSS for Mailchimp & More plugin to the latest available version (at least 1.5.9)...
WordPress Featured Images in RSS for Mailchimp & More plugin < 1.5.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Featured Images in RSS for Mailchimp & More plugin (versions < 1.5.9). Solution: Update the WordPress Featured Images in RSS for Mailchimp & More plugin to the latest available version (at least 1.5.9)...
WordPress MailChimp Manager plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress MailChimp Manager plugin (versions <= 1.0.2). Solution: No patched version available...
WordPress MailChimp Manager plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress MailChimp Manager plugin (versions <= 1.0.2). Solution: No patched version available...
WordPress Easy Forms for Mailchimp plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Easy Forms for Mailchimp plugin for...
WordPress Easy Forms for Mailchimp Plugin < 6.8.6 XSS Vulnerability
CVE-2021-24985
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24985
CVE-2021-24985 affects WordPress plugin Easy Forms for Mailchimp prior to version 6.8.6. The issue arises because field_name and field_type are not sanitized/escaped when echoed back in attributes, enabling Reflected XSS. The Red Hat and CVE records corroborate this description; remediation is to...
CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Easy Forms for Mailchimp plugin for...