CVE-2024-8680
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-8680
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8680.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-8680
- Published
- 2024-09-21T09:15:02Z
- Modified
- 2024-10-08T04:25:52.022170Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- References
-
- https://github.com/ibericode/mailchimp-for-wordpress/commit/60c6bfc260a7974f791af1d4ad4a032a3e0bdd3c
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3153075%40mailchimp-for-wp%2Ftrunk&old=3149806%40mailchimp-for-wp%2Ftrunk&sfp_email=&sfph_mail=
- https://github.com/ibericode/mailchimp-for-wordpress/blob/main/includes/views/parts/lists-overview-details.php
- https://plugins.trac.wordpress.org/browser/mailchimp-for-wp/trunk/includes/views/parts/lists-overview-details.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aa464547-0380-4b91-a5ea-0cd9a66da7a7?source=cve
Affected packages
Git / github.com/ibericode/mailchimp-for-wordpress
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ibericode/mailchimp-for-wordpress
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.2
2.0.3
2.0.4
2.0.5
2.1
2.1.1
2.1.2
2.1.4
2.1.6
2.1.7
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.17
2.3.18
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
3.*
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.6
3.0.7
3.0.8
3.0.9
3.1
3.1.1
3.1.10
3.1.11
3.1.12
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
4.*
4.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.9
4.1.0
4.1.1
4.1.10
4.1.12
4.1.13
4.1.14
4.1.15
4.1.2
4.1.3
4.1.4
4.1.6
4.1.7
4.1.9
4.2
4.2.1
4.2.2
4.2.4
4.2.5
4.3
4.3.3
4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.1
4.6.2
4.7
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.8
4.8.1
4.8.10
4.8.11
4.8.12
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.8.9
4.9.0
4.9.1
4.9.10
4.9.11
4.9.12
4.9.13
4.9.14
4.9.15
4.9.16
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
4.9.9