VYPR

Mailchimp For Wordpress

by Ibericode

Source repositories

CVEs (4)

  • CVE-2026-1781 | Med | Mar 11, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the…

  • CVE-2024-8680 | Sep 21, 2024
    risk 0.00 | cvss | epss 0.01

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2021-36833 | May 20, 2022
    risk 0.00 | cvss | epss 0.00

    Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.

  • CVE-2016-10871 | Aug 13, 2019
    risk 0.00 | cvss | epss 0.01

    The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.