Easy Forms for MailChimp 3.0 – 5.0.6 Stored XSS | CVE 2014-7152

Affects Plugins

yikes-inc-easy-mailchimp-extender

Fixed in 5.0.6

References

CVE

CVE-2014-7152

URL

https://g0blin.co.uk/cve-2014-7152/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

2679e14a-46f6-4509-9b63-8b98ae47b0c6

Timeline

Publicly Published

2014-10-06 (about 11 years ago)

Added

2014-10-06 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2024-01-22

Title

PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting

Published

2025-05-16

Title

X Addons for Elementor < 1.0.17 - Contributor+ Stored XSS

Published

2026-01-09

Title

Shortcodes and extra features for Phlox theme < 2.17.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

Published

2025-01-06

Title

RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-03-28

Title

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting