Mailchimp : Security Vulnerabilities, CVEs,
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Max CVSS
2.7
EPSS Score
0.06%
Published
2022-08-29
Updated
2022-09-01
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Max CVSS
4.3
EPSS Score
0.06%
Published
2022-08-29
Updated
2022-09-01
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2014-09-26
Updated
2014-09-30
3 vulnerabilities found