yikesinc/yikes-inc-easy-mailchimp-extender is vulnerable to cross-site scripting. The vulnerability exists because unsanitized form data is used in add_field_to_form.php, allowing an attacker to inject and execute malicious JavaScript.
github.com/advisories/GHSA-837v-6vgx-jqcc
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/commit/3662c6593aa1bb4286781214891d26de2e947695
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/pull/889
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/releases/tag/6.8.6
vuldb.com/?id.215307