VYPR

Easy MailChimp Forms

by WordPress

CVEs (10)

  • CVE-2024-25095 | High | Jun 4, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

  • CVE-2023-2518 | Medium | May 30, 2023
    risk 0.40 | cvss 6.1 | epss 0.01

    The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2023-1324 | Medium | Apr 24, 2023
    risk 0.40 | cvss 6.1 | epss 0.01

    The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2021-24985 | Medium | Jan 24, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.

  • CVE-2023-23900 | Medium | Aug 10, 2023
    risk 0.38 | cvss 5.8 | epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.

  • CVE-2023-1325 | Medium | Apr 17, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored…

  • CVE-2024-35742 | Medium | Jun 10, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

  • CVE-2023-4925 | Medium | Jan 15, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

  • CVE-2023-1323 | Medium | Jun 12, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2014-7152 | Sep 26, 2014
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.