Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

30 matches found

NVD
NVDadded 2026/03/11 2:16 a.m.0 views

CVE-2026-1781

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS0.00076EPSS
Exploits0References7
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2021-23409

Malware in sbrugna...

4.8CVSS4.9AI score0.00245EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.0 views

EUVD-2023-56382

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 3:22 a.m.6 views

CVE-2023-51682

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...

5.3CVSS6.9AI score0.00213EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2024/10/02 12:0 a.m.2 views

PT-2024-39492 · WordPress · Mc4Wp: Mailchimp Top Bar

Name of the Vulnerable Software and Affected Versions: MC4WP: Mailchimp Top Bar plugin for WordPress versions up to, and including, 1.6.0 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

6.1CVSS6.8AI score0.01684EPSS
Exploits0References10
Patchstack
Patchstackadded 2024/09/23 12:0 a.m.8 views

WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions = 4.9.16 Fixed in 4.9.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8680 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9afe0c8406de Credits Jorge Diaz ddiax Required...

5.5CVSS5.8AI score0.00269EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2024/09/21 9:15 a.m.12 views

CVE-2024-8680

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS0.00269EPSS
Exploits0References5
CVE
CVEadded 2024/09/21 8:35 a.m.100 views

CVE-2024-8680

CVE-2024-8680 affects the MC4WP: Mailchimp for WordPress plugin for WordPress, vulnerable in all versions up to and including 4.9.16. The issue is a stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin settings, exploitable by authenticated...

5.5CVSS4.9AI score0.00269EPSS
Exploits0References5Affected Software1
NVD
NVDadded 2024/09/19 4:15 a.m.10 views

CVE-2024-8850

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...

6.1CVSS0.01256EPSS
Exploits0References3
CVE
CVEadded 2024/09/19 3:59 a.m.44 views

CVE-2024-8850

MC4WP: Mailchimp for WordPress (WordPress plugin) is affected by CVE-2024-8850 for versions 4.9.9–4.9.16, due to insufficient input sanitization and output escaping in the email parameter (with placeholders like {email}), enabling reflected XSS when a user clicks a crafted link. Unauthenticated a...

6.1CVSS6.3AI score0.01256EPSS
Exploits0References3Affected Software1
Patchstack
Patchstackadded 2024/09/19 12:0 a.m.17 views

WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions 4.9.9 - 4.9.16 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8850 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37434d44abfc Credits kauenavarro Required privilege...

6.1CVSS6.6AI score0.01256EPSS
Exploits0References3Affected Software1
CNNVD
CNNVDadded 2024/09/19 12:0 a.m.1 views

WordPress plugin MC4WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.1CVSS5.9AI score0.01256EPSS
Exploits0References4
NVD
NVDadded 2024/06/11 4:15 p.m.19 views

CVE-2023-51682

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...

5.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelistadded 2024/06/11 3:31 p.m.18 views

CVE-2023-51682 WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...

5.3CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/06/11 3:31 p.m.15 views

CVE-2023-51682 WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
Patchstack
Patchstackadded 2023/12/27 12:0 a.m.11 views

WordPress MC4WP Plugin <= 4.9.9 is vulnerable to Broken Access Control

Software MC4WP Type Plugin Vulnerable versions = 4.9.9 Fixed in 4.9.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51682 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ddc6b91eb6ac Credits Rafie Muhammad Patchstack Required...

5.3CVSS6.6AI score0.00213EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVASadded 2023/04/28 12:0 a.m.9 views

WordPress MC4WP Plugin < 4.8.7 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mailchimpforwordpressproject:mailchimpforwordpress"; if...

4.8CVSS5.3AI score0.00245EPSS
Exploits0References1
CNVD
CNVDadded 2022/05/24 12:0 a.m.16 views

WordPress MC4WP plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...

4.8CVSS2AI score0.00245EPSS
Exploits0References1
OSV
OSVadded 2022/05/20 8:15 p.m.1 views

CVE-2021-36833

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

4.8CVSS5.9AI score
Exploits0References2
Prion
Prionadded 2022/05/20 8:15 p.m.11 views

Cross site scripting

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

3.5CVSS4.9AI score0.00245EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder