Lucene search
WPScanCVELIST:CVE-2023-1325HistoryApr 17, 2023 - 12:17 p.m.
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-04-1712:17:39
WPScan
www.cve.org
mailchimp
wordpress
stored xss
0.001 Low
EPSS
Percentile
23.7%
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CNA Affected
[
{
"vendor": "Unknown",
"product": "Easy Forms for Mailchimp",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.8.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2023-1325
2023-04-17 13:15:38
prion
prion
Cross site scripting
2023-04-17 13:15:00
openvas
openvas
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 XSS Vulnerability
2023-04-18 00:00:00
wpexploit
wpexploit
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-03-27 00:00:00
nvd
nvd
CVE-2023-1325
2023-04-17 13:15:38
osv
osv
CVE-2023-1325
2023-04-17 13:15:38
wpvulndb
wpvulndb
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-03-27 00:00:00
wordfence
wordfence