WordPress WP Optin Wheel plugin <= 1.3.4 - Information Disclosure vulnerability (Mailchimp lists, logs)
Information Disclosure vulnerability (Mailchimp lists, logs) discovered in WordPress WP Optin Wheel plugin versions <= 1.3.4. Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...
Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. PoC (fragments of an auto-submitting form): alert(/XSS-fieldname/) / alert(/XSS-fieldtype/) / var form1 = document.getElementById('hack'); form1.submit();...
WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.8.6)...
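The escaping failure described in the Easy Forms for Mailchimp entries above, shown as an added example written for this page (illustrative code, not the plugin's own source): a field-editor row that writes the fieldname and fieldtype request parameters into HTML attributes unescaped, beside a hardened version. The parameter names follow the advisory; the table markup, the function names and the allowed-type list are assumptions. The code uses the WordPress sanitising and escaping API and is meant to run inside WordPress as plugin code.

```php
<?php
// Added illustration, not Easy Forms for Mailchimp code. Parameter names
// (fieldname, fieldtype) follow the advisory; markup, function names and
// the allowed-type list are assumed for this example.

// Vulnerable: untrusted GET/POST values land inside attribute values as-is.
// A request such as  ?fieldname="><script>alert(/XSS-fieldname/)</script>
// closes the value attribute and the input tag, and the script runs in the
// browser of whichever logged-in user follows the link.
function efm_demo_render_field_row_vulnerable(): string {
    $name = $_REQUEST['fieldname'] ?? '';
    $type = $_REQUEST['fieldtype'] ?? '';
    return '<tr>'
         . '<td><input type="text" name="fieldname" value="' . $name . '"></td>'
         . '<td><input type="hidden" name="fieldtype" value="' . $type . '"></td>'
         . '</tr>';
}

// Read one request parameter as a sanitised string. Arrays (?fieldname[]=x)
// are rejected instead of being coerced to the literal "Array".
function efm_demo_param(string $key): string {
    $raw = $_REQUEST[$key] ?? '';
    // wp_unslash() removes the slashes WordPress adds to superglobals;
    // sanitize_text_field() strips tags, invalid UTF-8 and NUL bytes.
    return is_string($raw) ? sanitize_text_field(wp_unslash($raw)) : '';
}

// Hardened: sanitise on input, constrain to a known set where the value is
// an enumeration, and escape for the exact output context (HTML attribute)
// at the point of output.
function efm_demo_render_field_row_fixed(): string {
    $name = efm_demo_param('fieldname');
    $type = efm_demo_param('fieldtype');

    // fieldtype is an enumeration, so reject anything outside the known set
    // rather than trying to clean it (the list itself is assumed here).
    $allowed_types = ['text', 'email', 'number', 'dropdown', 'checkbox'];
    if (!in_array($type, $allowed_types, true)) {
        $type = 'text';
    }

    // esc_attr() encodes <, >, &, " and ' so the value cannot terminate the
    // quoted attribute. Escaping belongs here, not at input time, because the
    // same stored value may later be needed in another context (JS, URL).
    return '<tr>'
         . '<td><input type="text" name="fieldname" value="' . esc_attr($name) . '"></td>'
         . '<td><input type="hidden" name="fieldtype" value="' . esc_attr($type) . '"></td>'
         . '</tr>';
}
```

Both functions return identical markup for benign input; they differ only when the value contains quotes or angle brackets. A quick check of a fix of this kind is to request the page with fieldname set to a string containing `"><` and confirm the response carries `&quot;&gt;&lt;` rather than the raw characters.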
Gigabyte Allegedly Hit by AvosLocker Ransomware
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest. On Wednesday, the gang posted a “press release” announcing that it had purportedly gutte...
MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF
The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method hooked to admin_init, allowing attackers to make logged-in users with the manage_options capability perform unwanted actions such as emptying the logs, dismissing notices, and so on. PoC...
MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect
The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method hooked to admin_init, allowing attackers to make logged-in users with the manage_options capability perform unwanted actions and then redirect them to an arbitrary website. PoC...
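The missing CSRF check in the MC4WP entries above, as an added example written for this page (not code from MC4WP: the function names, the `_my_action`, `_redirect_to` and `_my_nonce` request parameters, the option names and the `my_plugin_` nonce prefix are all assumptions). It is WordPress plugin code and assumes WordPress is loaded. The first listener performs privileged actions on any request an administrator's browser happens to make and then redirects to a caller-supplied URL, which is the CSRF plus arbitrary-redirect combination the two advisories describe; the second binds each action to a nonce and restricts the redirect target.

```php
<?php
// Added illustration, not MC4WP code. Parameter names (_my_action,
// _redirect_to, _my_nonce), option names and the nonce prefix are assumed.

// Vulnerable: any request to wp-admin carrying ?_my_action=empty_log is acted
// on as soon as an administrator's browser issues it, e.g. via an <img> tag or
// an auto-submitting form on an attacker-controlled page. The capability check
// does not help against CSRF: the victim really is an administrator.
function my_plugin_listen_for_actions_vulnerable() {
    if (empty($_REQUEST['_my_action']) || !current_user_can('manage_options')) {
        return;
    }
    $action = sanitize_key($_REQUEST['_my_action']);
    if ($action === 'empty_log') {
        my_plugin_empty_log();
    }
    // Arbitrary redirect: wp_redirect() sends the browser to whatever URL it
    // is given, so the attacker can land the victim on a phishing page.
    if (!empty($_REQUEST['_redirect_to'])) {
        wp_redirect($_REQUEST['_redirect_to']);
        exit;
    }
}

// Hardened: require a nonce bound to the specific action and the current
// user, dispatch only known actions, and redirect only to allowed hosts.
function my_plugin_listen_for_actions_fixed() {
    if (empty($_REQUEST['_my_action']) || !current_user_can('manage_options')) {
        return;
    }
    $action = sanitize_key($_REQUEST['_my_action']);

    // check_admin_referer() terminates the request with a 403 page unless
    // $_REQUEST['_my_nonce'] is a valid nonce for 'my_plugin_' . $action issued
    // to this user within the nonce lifetime. Binding the nonce to the action
    // name stops a nonce for a harmless action being replayed for a harmful one.
    check_admin_referer('my_plugin_' . $action, '_my_nonce');

    switch ($action) {
        case 'empty_log':
            my_plugin_empty_log();
            break;
        case 'dismiss_notice':
            update_option('my_plugin_notice_dismissed', 1);
            break;
        default:
            return; // unknown action: do nothing rather than guess
    }

    // wp_safe_redirect() falls back to admin_url() when the target host is not
    // this site or a host whitelisted via the allowed_redirect_hosts filter.
    $target = isset($_REQUEST['_redirect_to']) && is_string($_REQUEST['_redirect_to'])
        ? esc_url_raw(wp_unslash($_REQUEST['_redirect_to']))
        : admin_url();
    wp_safe_redirect($target);
    exit;
}
add_action('admin_init', 'my_plugin_listen_for_actions_fixed');

// Every link or form that triggers an action must carry the matching nonce;
// wp_nonce_url() appends it under the parameter name the listener checks.
function my_plugin_empty_log_link(): string {
    $url = add_query_arg(['_my_action' => 'empty_log'], admin_url('options-general.php'));
    return wp_nonce_url($url, 'my_plugin_empty_log', '_my_nonce');
}

// The privileged action itself (option name assumed).
function my_plugin_empty_log() {
    delete_option('my_plugin_log');
}
```

The nonce must be checked for every state-changing branch, not only the dangerous-looking ones; a "dismiss notice" action that skips the check is still a CSRF sink. For requests sent through admin-ajax.php the equivalent call is check_ajax_referer(), which returns an error response instead of rendering the 403 page.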
Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated) Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...
Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...
WordPress Easy Forms for Mailchimp plugin <= 6.6.2 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered in WordPress Easy Forms for Mailchimp plugin versions <= 6.6.2. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.6.3)...
Easy Forms for Mailchimp < 6.6.3 - Authenticated Cross-Site Scripting (XSS)
The Easy Forms for Mailchimp WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials
Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that when I go to...
WordPress YITH WooCommerce Mailchimp plugin <=2.1.3 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <= 3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Mailchimp plugin versions <= 2.1.3. Solution: Update the WordPress YITH WooCommerce Mailchimp plugin to the latest available version (at least 2.1.4)...
WordPress mailchimp-for-wp plugin cross-site scripting vulnerability (CNVD-2019-35215)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mailchimp-for-wp is a plugin used to send e-mail to subscribers. A cross-site scripting vulnerability exists in WordPress...
Drupal PHPUnit/Mailchimp Code Execution Vulnerability
The instance of Drupal running on the remote host is affected by a command execution vulnerability. A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to execute commands on the remote host. No source data...
WordPress Easy Forms for Mailchimp Plugin < 6.5.3 Code Injection Vulnerability
The WordPress plugin ... Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
Drupal PHPUnit/Mailchimp Code Execution Vulnerability
Binary data drupalcve-2017-9841.nbin...