The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
References
Configurations
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/ca120255-2c50-4906-97f3-ea660486db4c - Exploit |
13 Jun 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
05 Jun 2023, 14:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:yikesinc:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/ca120255-2c50-4906-97f3-ea660486db4c - Exploit |
30 May 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 08:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2518
Mitre link : CVE-2023-2518
CVE.ORG link : CVE-2023-2518
JSON object : View
Products Affected
yikesinc
- easy_forms_for_mailchimp
CWE
No CWE.