MidnightBSD

Advisories for mailchimp

CVE-2014-7152 MEDIUM

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mailchimp easy_mailchimp_forms_plugin 4.2
mailchimp easy_mailchimp_forms_plugin 5.0.5
mailchimp easy_mailchimp_forms_plugin 5.0.6
mailchimp easy_mailchimp_forms_plugin 5.0.2
mailchimp easy_mailchimp_forms_plugin 5.0.4
mailchimp easy_mailchimp_forms_plugin 4.1
mailchimp easy_mailchimp_forms_plugin 5.0
mailchimp easy_mailchimp_forms_plugin 5.0.1
mailchimp easy_mailchimp_forms_plugin 3.0
mailchimp easy_mailchimp_forms_plugin 4.3
mailchimp easy_mailchimp_forms_plugin 4.4
mailchimp easy_mailchimp_forms_plugin 4.0
mailchimp easy_mailchimp_forms_plugin 5.0.3
mailchimp easy_mailchimp_forms_plugin 4.2.1
CVE-2022-2267

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
mailchimp mailchimp_for_woocommerce *
CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
mailchimp mailchimp_for_woocommerce *