Skip to main content

Mailchimp

5 CVEs product

Monthly

CVE-2024-8680 MEDIUM PATCH This Month

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Mailchimp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-8850 MEDIUM PATCH This Month

{email} is used for the field in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailchimp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32517 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.0.9.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mailchimp
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2015-5488 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp". Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mailchimp
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-5551 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mailchimp
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Mailchimp
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

{email} is used for the field in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailchimp
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.0.9.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mailchimp
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp". Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mailchimp
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mailchimp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy