CVE-2023-4925

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-4925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4925

Published

2024-01-15T16:15:11.907Z

Modified

2026-04-10T05:05:00.593698Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

References

https://wpscan.com/vulnerability/0b094cba-9288-4c9c-87a9-bdce286fe8b6

Affected packages

Git / github.com/yikesinc/yikes-inc-easy-mailchimp-extender

Affected ranges

Type

GIT

Repo

https://github.com/yikesinc/yikes-inc-easy-mailchimp-extender

Events

Introduced

Last affected

eb1203fa6c1b25294ec28fec51f0ad8c2e4df402

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.8.10"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.2.0

3.*

3.0

3.0.1

4.*

4.0

4.1

4.2

4.2.1

6.*

6.0.0-rc1.0

6.6.0

6.6.1

6.6.2

6.6.4

6.7.0

6.8.0

6.8.1

6.8.10

6.8.2

6.8.3

6.8.4

6.8.5

6.8.6

6.8.8

6.8.9

v.*

v.6.2.2

v.6.2.3

v4.*

v4.0

v6.*

v6.0.1

v6.2.0

v6.2.1

v6.7.0

v6.8.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4925.json"