3 matches found
CVE-2021-24985
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24985
CVE-2021-24985 affects WordPress plugin Easy Forms for Mailchimp prior to version 6.8.6. The issue arises because field_name and field_type are not sanitized/escaped when echoed back in attributes, enabling Reflected XSS. The Red Hat and CVE records corroborate this description; remediation is to...
CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...