30 matches found
CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...
CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin or higher user role Stored Cross-Site Scripting XSS vulnerability in ibericode's MC4WP plugin = 4.8.6 at WordPress...
CVE-2021-36833
Summary: CVE-2021-36833 describes an authenticated stored XSS in WordPress MC4WP plugin (ibericode) version
PT-2022-10570 · WordPress · Mc4Wp
Name of the Vulnerable Software and Affected Versions: MC4WP plugin versions = 4.8.6 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. It affects users with admin or higher roles. There is no information provided about the estimated number of potentially...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise form data, which could allow high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...
WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress MC4WP plugin versions = 4.8.6. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.7...
WordPress MC4WP plugin <= 4.8.4 - Authenticated Arbitrary Redirect vulnerability
Authenticated Arbitrary Redirect vulnerability discovered by WPScanTeam in WordPress MC4WP plugin versions = 4.8.4. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.5...
WordPress MC4WP plugin <= 4.8.4 - Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability
Unauthorised Actions via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress MC4WP plugin versions = 4.8.4. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.5...
MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting (XSS)
The MC4WP: Mailchimp for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...