6 matches found
EUVD-2026-32056
The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...
CVE-2024-8850
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2023-4925
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect
The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method hooked as admin_init, allowing attackers to make logged in users with the manage_options capability do unwanted actions and redirect them to an arbitrary website after...
CVE-2017-18577
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg...
PT-2019-7667
Name of the Vulnerable Software and Affected Versions: mailchimp-for-wp plugin versions prior to 4.0.11. Description: The issue concerns a cross-site scripting (XSS) problem on the integration settings page. Recommendations: For versions prior to 4.0.11, update to version 4.0.11 or later to resolve the...