WordPress Plugin Vulnerabilities

MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting (XSS)

Description

The MC4WP: Mailchimp for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
mailchimp-for-wp
Fixed in 4.0.11

References

CVE
CVE-2016-10871
URL
https://plugins.trac.wordpress.org/changeset/1550477/mailchimp-for-wp
URL
https://advisories.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
45fce54e-2d0e-4cf2-a9b2-49faca5b2a94

Timeline

Publicly Published
2016-12-09 (about 9 years ago)
Added
2016-12-13 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS
Published
2024-10-10
Title
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes < 3.5.15 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Zedity < 2.5.1 - Cross-Site Scripting (XSS)
Published
2024-02-23
Title
WP Event Manager < 3.1.42 - Reflected Cross-Site Scripting via plugin
Published
2024-02-28
Title
My Sticky Bar < 2.6.8 - Admin+ Stored XSS