Ibericode >> Mailchimp >> 2.3.15 Security Vulnerabilities
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2024-09-21
Missing Authorization vulnerability in ibericode MC4WP. This issue affects MC4WP: from n/a through 4.9.9.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2024-06-11
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.
CVSS Score: 4.7 | EPSS Score: 0.002 | Published: 2023-12-29
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-08-22
The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-13