Lucene search
K

63 matches found

Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.9 views

CVE-2023-1324 Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00559EPSS
Exploits2References1
CVE
CVE
added 2023/04/24 6:30 p.m.63 views

CVE-2023-1324

The CVE-2023-1324 entry concerns the Easy Forms for Mailchimp WordPress plugin (versions prior to 6.8.8). The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of certain parameters before echoing them in responses, which could be exploited against hig...

6.1CVSS6.1AI score0.00559EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.14 views

WordPress plugin Easy Forms for Mailchimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.1CVSS6.3AI score0.00559EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.7 views

PT-2023-16896 · WordPress · Easy Forms For Mailchimp

Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.8 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted in the...

6.1CVSS6.3AI score0.00559EPSS
Exploits2References6
Prion
Prion
added 2023/04/17 1:15 p.m.22 views

Cross site scripting

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

4.9CVSS5.4AI score0.00529EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/17 12:17 p.m.14 views

CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

6.1AI score0.00529EPSS
Exploits2References1
OSV
OSV
added 2023/04/17 12:17 p.m.18 views

CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

5.4CVSS6.8AI score0.00529EPSS
Exploits2References4
CVE
CVE
added 2023/04/17 12:17 p.m.65 views

CVE-2023-1325

The CVE-2023-1325 issue affects the WordPress plugin Easy Forms for Mailchimp, with versions before 6.8.7. The root cause is insufficient validation and escaping of shortcode attributes, which are echoed back into pages/posts, enabling Stored XSS for users with contributor privileges and above. T...

5.4CVSS5.5AI score0.00529EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/04/12 12:0 a.m.16 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions 6.8.7 Fixed in 6.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1325 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bd41da1d02a4 Credits Erwan LR...

5.4CVSS5.7AI score0.00529EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/04/12 12:0 a.m.11 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions 6.8.8 Fixed in 6.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1324 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c14e208dddfc Credits Erwan LR WPScan...

6.1CVSS5.7AI score0.00559EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2023/03/29 12:0 a.m.142 views

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the following code this requires the attacker to...

6.1CVSS6.3AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/09 12:0 a.m.115 views

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a form and put the following payload i...

4.8CVSS5.4AI score0.00444EPSS
Exploits1
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.5 views

WordPress plugin Easy Forms for MailChimp 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS5.5AI score0.00545EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/01/26 12:0 a.m.15 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.6 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.3AI score0.01109EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.22 views

WordPress Easy Forms for Mailchimp plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the Easy Forms for Mailchimp plugin for...

4.3CVSS1.9AI score0.01109EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/01/24 8:15 a.m.27 views

CVE-2021-24985

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

6.1CVSS0.01109EPSS
Exploits2References2
Prion
Prion
added 2022/01/24 8:15 a.m.16 views

Cross site scripting

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

4.3CVSS6.1AI score0.01109EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/01/24 8:1 a.m.28 views

CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

6.2AI score0.01109EPSS
Exploits2References2
CVE
CVE
added 2022/01/24 8:1 a.m.53 views

CVE-2021-24985

CVE-2021-24985 affects WordPress plugin Easy Forms for Mailchimp prior to version 6.8.6. The issue arises because field_name and field_type are not sanitized/escaped when echoed back in attributes, enabling Reflected XSS. The Red Hat and CVE records corroborate this description; remediation is to...

6.1CVSS6AI score0.01109EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/12/21 12:0 a.m.23 views

WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions = 6.8.5. Solution Update the WordPress Easy Forms for Mailchimp plugin to the latest available version at least 6.8.6...

6.1CVSS1.7AI score0.01109EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder