Lucene search
WpvulndbWPVDB-ID:5F37CBF3-2388-4582-876C-6A7B0943C2A7HistoryMar 27, 2023 - 12:00 a.m.
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-03-2700:00:00
wpscan.com
14
mailchimp
stored xss
contributor
security
shortcode
0.001 Low
EPSS
Percentile
23.7%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
As a contributor, put the below shortcodes in a post, preview it and move the mouse over the generated subscribe form to trigger the XSS [yikes-mailchimp-unsubscribe list=‘"onmouseover=alert(/XSS-list/)//’] [yikes-mailchimp-unsubscribe list=‘-1’ email_placeholder=‘"onmouseover=alert(/XSS-email_placeholder/)//’]
| CPE | Name | Operator | Version |
|---|---|---|---|
| yikes-inc-easy-mailchimp-extender | lt | 6.8.7 |
Related
cve
cve
CVE-2023-1325
2023-04-17 13:15:38
prion
prion
Cross site scripting
2023-04-17 13:15:00
openvas
openvas
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 XSS Vulnerability
2023-04-18 00:00:00
cvelist
cvelist
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-04-17 12:17:39
wpexploit
wpexploit
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
2023-03-27 00:00:00
nvd
nvd
CVE-2023-1325
2023-04-17 13:15:38
osv
osv
CVE-2023-1325
2023-04-17 13:15:38
wordfence
wordfence