16 matches found
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions = 4.11.1...
CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
EUVD-2024-49343
Malicious code in bioql PyPI...
CVE-2024-8680
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8680
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8680
CVE-2024-8680 affects the MC4WP: Mailchimp for WordPress plugin for WordPress, vulnerable in all versions up to and including 4.9.16. The issue is a stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin settings, exploitable by authenticated...
WordPress plugin MailChimp for WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2024-8850
MC4WP: Mailchimp for WordPress (WordPress plugin) is affected by CVE-2024-8850 for versions 4.9.9–4.9.16, due to insufficient input sanitization and output escaping in the email parameter (with placeholders like {email}), enabling reflected XSS when a user clicks a crafted link. Unauthenticated a...
CVE-2023-51682
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...
MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect
The plugin did not properly check for CSRF in some of its actions handled by the listenforactions method hooked as admininit, allowing attackers to make logged in users with the manageoptions capability do unwanted actions and redirect them to an arbitrary website after PoC...
PT-2019-8511
Name of the Vulnerable Software and Affected Versions mailchimp-for-wp plugin versions prior to 4.1.8 Description The issue concerns a problem where the return value of add query arg can be exploited, leading to XSS. Recommendations For versions prior to 4.1.8, update to version 4.1.8 or later to...
CVE-2016-10871
The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page...