CVE-2023-1323

Published: Jun 12, 2023Modified: Jan 3, 2025

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected (1)

Products: Yikesinc: Easy Forms For Mailchimp

Yikesinc

1 product

Easy Forms For Mailchimp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yikesinc Easy Forms For Mailchimp	Before 6.8.9

References (2)

https://wpscan.com/vulnerability/d3a2af00-719c-4b86-8877-b1d68a589192

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/d3a2af00-719c-4b86-8877-b1d68a589192

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.