Mailchimp For Wordpress
by Ibericode
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1781 | | Med | 0.35 | 6.5 | 0.00 | | Mar 11, 2026 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the… |
| CVE-2024-8680 | | | 0.00 | — | 0.01 | | Sep 21, 2024 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… |
| CVE-2021-36833 | | | 0.00 | — | 0.00 | | May 20, 2022 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress. |
| CVE-2016-10871 | | | 0.00 | — | 0.01 | | Aug 13, 2019 | The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. |