Easy Forms for MailChimp < 6.8.9 – Admin+ Stored XSS | CVE 2023-1323 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Edit a form and put the following payload in the Form Name: "><script>alert(/XSS/)</script>

The XSS will be triggered when viewing the form list (/wp-admin/admin.php?page=yikes-inc-easy-mailchimp) (<= 6.8.8), as well on page/post where the form is embed (via the shortcode) (< 6.8.7)

Affects Plugins

yikes-inc-easy-mailchimp-extender

Fixed in 6.8.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Chau Nguyen

Submitter

Chau Nguyen

Submitter website

https://linkedin.com/in/chau-nguyen-vn168

Verified

Yes

WPVDB ID

d3a2af00-719c-4b86-8877-b1d68a589192

Timeline

Publicly Published

2023-03-09 (about 2 years ago)

Added

2023-05-19 (about 2 years ago)

Last Updated

2023-06-13 (about 2 years ago)

Other

Published

Title

Published

2016-01-30

Title

Anti-Spam <= 4.1 - XSS

Published

2024-10-09

Title

Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2025-06-13

Title

YITH WooCommerce Wishlist < 4.6.0 - Contributor+ Stored XSS via id Parameter

Published

2025-01-06

Title

GDY Modular Content < 0.9.93 - Reflected Cross-Site Scripting

Published

2023-04-06

Title

IMPress Listings <= 2.6.2 - Contributor+ Stored XSS