MailChimp Subscribe Form <= 1.1 – Email Field Remote PHP Code Execution

Affects Plugins

mailchimp-subscribe-sm

Fixed in 1.2

References

URL

https://packetstormsecurity.com/files/#132035/

URL

https://plugins.trac.wordpress.org/browser/mailchimp-subscribe-sm/tags/1.1/data.php?rev=1128995

URL

https://plugins.trac.wordpress.org/browser/mailchimp-subscribe-sm/tags/1.2/data.php?rev=1128995

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

Miscellaneous

Submitter

Viktor Gazdag

Submitter twitter

wucpi

Verified

No

WPVDB ID

1fa71124-1486-459e-9972-97d32fdc9d02

Timeline

Publicly Published

2015-04-21 (about 11 years ago)

Added

2015-04-25 (about 11 years ago)

Last Updated

2019-12-09 (about 6 years ago)

Other

Published

Title

Published

2025-02-28

Title

Authors List < 2.0.6.1 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-02-07

Title

WP All Export Pro < 1.9.2 - Unauthenticated Remote Code Execution via Custom Export Fields

Published

2024-12-05

Title

Pojo Forms < 1.4.8 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

Published

2020-11-23

Title

Secure File Manager < 2.8.2 - Authenticated Remote Code Execution

Published

2017-01-11

Title

WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer