WordPress MailChimp 3.1.5 / 4.0.10 Cross Site Scripting Vulnerability

ID 1337DAY-ID-26545
Type zdt
Reporter Tom Adams
Modified 2016-12-18T00:00:00


WordPress MailChimp versions 3.1.5 and 4.0.10 suffer from a cross site scripting vulnerability.

Software: MailChimp for WordPress
Version: 3.1.5,4.0.10
Homepage: http://wordpress.org/plugins/mailchimp-for-wp/
Advisory report: https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can

If an attacker can trick a logged-in admin user intoA visiting a particular URL, they can execute JavaScript in the useras browser which can perform almost any action that the user can.

Proof of concept
Assuming you have the site running on http://localhost/ with the plugin activated, visit this URL in a browser without reflected XSS mitigation measures (i.e. Firefox):

Update to versionA 4.0.11 or later.

Disclosure policy
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]press.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.


2016-03-23: Discovered
2016-12-07: Reported toA [email protected]
2016-12-07: Requested CVE
2016-12-07: Vendor first replied
2016-12-09: Vendor reported fixed inA 4.0.11
2016-12-13: Advisory published

Discovered by dxw:
Tom Adams
Please visit security.dxw.com for more information.

#  0day.today [2018-02-09]  #