Lucene search
Chau NguyenWPEX-ID:D3A2AF00-719C-4B86-8877-B1D68A589192HistoryMar 09, 2023 - 12:00 a.m.
Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS
2023-03-0900:00:00
Chau Nguyen
61
mailchimp easy forms
stored xss
admin
exploit
vulnerability
0.0005 Low
EPSS
Percentile
18.3%
The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Edit a form and put the following payload in the Form Name: "><script>alert(/XSS/)</script>
The XSS will be triggered when viewing the form list (/wp-admin/admin.php?page=yikes-inc-easy-mailchimp) (<= 6.8.8), as well on page/post where the form is embed (via the shortcode) (< 6.8.7)Related
prion
prion
Cross site scripting
2023-06-12 18:15:00
osv
osv
CVE-2023-1323
2023-06-12 18:15:09
wpvulndb
wpvulndb
Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS
2023-03-09 00:00:00
cvelist
cvelist
CVE-2023-1323 Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS
2023-06-12 17:28:21
cve
cve
CVE-2023-1323
2023-06-12 18:15:09
nvd
nvd
CVE-2023-1323
2023-06-12 18:15:09
openvas
openvas
WordPress Easy Forms for Mailchimp Plugin < 6.8.9 Multiple Vulnerability
2023-06-16 00:00:00