CVE-2024-8870
Description
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Forms for Mailchimp by Optin Cat plugin versions up to 2.5.7 due to improper escaping in add_query_arg.
Vulnerability
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) in all versions up to, and including, 2.5.7. The vulnerability exists in the includes/eoi-subscribers.php file [1] because add_query_arg is used without appropriate escaping on the URL [1][2]. This allows unauthenticated attackers to inject arbitrary web scripts.
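As an added illustration of the pattern behind this CVE (not the plugin's own code, which is not reproduced here): when `add_query_arg()` is called without a base URL it builds its result from `$_SERVER['REQUEST_URI']`, so printing that result straight into an `href` reflects the request path into the page, and the fix is to pass it through `esc_url()` at the point of output. The `function_exists` stand-ins are simplified assumptions about the two WordPress functions so the file runs under the php CLI without WordPress loaded.

```php
<?php
// Offline stand-ins (simplified; assumed behaviour of the real WordPress
// functions) so this example runs without WordPress.
if (!function_exists('add_query_arg')) {
    // The real add_query_arg() uses $_SERVER['REQUEST_URI'] when no URL is
    // passed; query values are re-urlencoded, but the path part is kept as-is.
    function add_query_arg(array $args, ?string $url = null): string {
        $url   = $url ?? $_SERVER['REQUEST_URI'];
        $parts = explode('?', $url, 2);
        parse_str($parts[1] ?? '', $query);
        return $parts[0] . '?' . http_build_query(array_merge($query, $args));
    }
}
if (!function_exists('esc_url')) {
    // Simplified esc_url(): encode characters that can break out of an HTML
    // attribute (the real function strips disallowed characters and checks
    // the scheme).
    function esc_url(string $url): string {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: add_query_arg() output printed directly into href.
function vulnerable_link(): string {
    return '<a href="' . add_query_arg(['paged' => 2]) . '">Next</a>';
}

// Hardened pattern: escape for the attribute context at output time.
function hardened_link(): string {
    return '<a href="' . esc_url(add_query_arg(['paged' => 2])) . '">Next</a>';
}

// Constructed request URI: the path segment carries a double quote, the
// character that terminates the href attribute. Hypothetical page slug.
$_SERVER['REQUEST_URI'] = '/wp-admin/admin.php/a"b?page=eoi-subscribers';

echo vulnerable_link(), "\n"; // raw quote appears inside the attribute
echo hardened_link(), "\n";   // quote is encoded as &quot;, attribute stays intact

// Defender's check: the unescaped version still contains a raw quote.
var_dump(strpos(vulnerable_link(), 'a"b') !== false); // bool(true)
var_dump(strpos(hardened_link(), 'a"b') !== false);   // bool(false)
```

The same check applies to any `add_query_arg()` result that reaches HTML output: grep for calls whose result is echoed or concatenated into markup without `esc_url()`.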
Exploitation
An attacker can exploit this vulnerability by crafting a malicious link that includes a payload as a query parameter. The attacker then tricks a user into clicking the link, for example via social engineering or by placing the link on a controlled site. The unescaped URL parameters are reflected back in the page response, causing the injected script to execute in the victim's browser. The vulnerability is reflected and requires user interaction (clicking the link) [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session on the affected WordPress site. This can lead to information disclosure (data theft, session hijacking) and any other action a script can perform in the browser. The attacker does not need prior authentication or high privileges [1].
Mitigation
The vendor has released a fix in changeset 3198558 [2]. Users should update the plugin to version 2.5.8 or later. As of the publication date (2024-10-26), no specific workaround is documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <= 2.5.7
Patches
r3198558
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.