11 matches found
WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)
Software: MC4WP; Type: Plugin; Vulnerable versions: <= 4.9.16; Fixed in: 4.9.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8680; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9afe0c8406de; Credits: Jorge Diaz ddiax; Required...
CVE-2024-8850
MC4WP: Mailchimp for WordPress (WordPress plugin) is affected by CVE-2024-8850 for versions 4.9.9–4.9.16, due to insufficient input sanitization and output escaping in the email parameter (with placeholders like {email}), enabling reflected XSS when a user clicks a crafted link. Unauthenticated a...
WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)
Software: MC4WP; Type: Plugin; Vulnerable versions: 4.9.9 - 4.9.16; Fixed in: 4.9.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8850; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 37434d44abfc; Credits: kauenavarro; Required privilege...
WordPress plugin MC4WP cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2023-51682 WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ibericode MC4WP. This issue affects MC4WP: from n/a through 4.9.9...
WordPress MC4WP plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...
CVE-2021-36833
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress...
Cross site scripting
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress...
CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress...
CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise form data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...