CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 6.8.6 is able to address this issue. The name of the patch is 3662c6593aa1bb4286781214891d26de2e947695. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215307.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yikesplugins:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 2.6
References () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/commit/3662c6593aa1bb4286781214891d26de2e947695 - Patch, Third Party Advisory () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/commit/3662c6593aa1bb4286781214891d26de2e947695 - Patch, Third Party Advisory
References () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/pull/889 - Patch, Third Party Advisory () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/pull/889 - Patch, Third Party Advisory
References () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/releases/tag/6.8.6 - Release Notes, Third Party Advisory () https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/releases/tag/6.8.6 - Release Notes, Third Party Advisory
References () https://vuldb.com/?id.215307 - Third Party Advisory () https://vuldb.com/?id.215307 - Third Party Advisory

15 Dec 2022, 19:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-12 14:15

Updated : 2024-11-21 06:37


NVD link : CVE-2021-4244

Mitre link : CVE-2021-4244

CVE.ORG link : CVE-2021-4244


JSON object : View

Products Affected

yikesplugins

  • easy_forms_for_mailchimp
CWE
CWE-707

Improper Neutralization

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')