Lucene search
WpvulndbWPEX-ID:CA120255-2C50-4906-97F3-EA660486DB4CHistoryMay 22, 2023 - 12:00 a.m.
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
2023-05-2200:00:00
wpvulndb
54
mailchimp forms
reflected xss
debug settings
admin
sql error exploit
security
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
When the debug settings is enabled (ie /wp-admin/admin.php?page=yikes-inc-easy-mailchimp-settings§ion=debug-settings), make a logged in admin open the URL below
https://example.com/wp-admin/admin.php?page=yikes-mailchimp-edit-form&sql_error=<svg/onload=alert(/XSS/)>Related
nvd
nvd
CVE-2023-2518
2023-05-30 08:15:10
prion
prion
Cross site scripting
2023-05-30 08:15:00
cvelist
cvelist
CVE-2023-2518 Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
2023-05-30 07:49:12
cve
cve
CVE-2023-2518
2023-05-30 08:15:10
osv
osv
CVE-2023-2518
2023-05-30 08:15:10
wpvulndb
wpvulndb
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
2023-05-22 00:00:00
openvas
openvas
WordPress Easy Forms for Mailchimp Plugin < 6.8.9 Multiple Vulnerability
2023-06-16 00:00:00