CVE-2025-12172 Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimpsfchangelistifnecessary function. This makes it possible for unauthenticated attacke...

PT-2026-20580

Name of the Vulnerable Software and Affected Versions Mailchimp List Subscribe Form versions prior to 2.0.1 Description The Mailchimp List Subscribe Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by inadequate nonce validation within the mailchimp sf change...

WordPress Mailchimp List Subscribe Form plugin <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change vulnerability

Cross-Site Request Forgery to Mailchimp List Change vulnerability discovered by SHIVAM KUMAR in WordPress Plugin Mailchimp List Subscribe Form versions = 2.0.0...

CVE-2025-46238

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1...