VYPR

Mailchimp

by WordPress

CVEs (2)

  • CVE-2026-1781 | Med | Mar 11, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the…

  • CVE-2024-8680 | Sep 21, 2024
    risk 0.00 | cvss | epss 0.01

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…