WpvulndbWPVDB-ID:5F37CBF3-2388-4582-876C-6A7B0943C2A7Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.0%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
As a contributor, put the below shortcodes in a post, preview it and move the mouse over the generated subscribe form to trigger the XSS [yikes-mailchimp-unsubscribe list=‘"onmouseover=alert(/XSS-list/)//’] [yikes-mailchimp-unsubscribe list=‘-1’ email_placeholder=‘"onmouseover=alert(/XSS-email_placeholder/)//’]
| CPE | Name | Operator | Version |
|---|---|---|---|
| yikes-inc-easy-mailchimp-extender | lt | 6.8.7 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.0%