WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions = 4.9.16 Fixed in 4.9.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8680 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9afe0c8406de Credits Jorge Diaz ddiax Required...

CVE-2024-8850

MC4WP: Mailchimp for WordPress (WordPress plugin) is affected by CVE-2024-8850 for versions 4.9.9–4.9.16, due to insufficient input sanitization and output escaping in the email parameter (with placeholders like {email}), enabling reflected XSS when a user clicks a crafted link. Unauthenticated a...

WordPress plugin MC4WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions 4.9.9 - 4.9.16 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8850 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37434d44abfc Credits kauenavarro Required privilege...

CVE-2023-51682 WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9...

WordPress MC4WP plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...

CVE-2021-36833

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

Cross site scripting

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...