All the vulnerabilites related to MailMunch - MailChimp Forms by MailMunch
cve-2024-29793
Vulnerability from cvelistv5
Published
2024-03-27 12:42
Modified
2024-08-02 01:17
Severity ?
EPSS score ?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MailMunch | MailChimp Forms by MailMunch |
Version: n/a < |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29793", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T16:06:22.369737Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:58:15.115Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:17:57.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "mailchimp-forms-by-mailmunch", "product": "MailChimp Forms by MailMunch", "vendor": "MailMunch", "versions": [ { "changes": [ { "at": "3.2.3", "status": "unaffected" } ], "lessThanOrEqual": "3.2.2", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.\u003cp\u003eThis issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.\u003c/p\u003e" } ], "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.\n\n" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592 Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T12:42:06.199Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update to 3.2.3 or a higher version." } ], "value": "Update to 3.2.3 or a higher version." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress MailChimp Forms by MailMunch plugin \u003c= 3.2.2 - Cross Site Scripting (XSS) vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2024-29793", "datePublished": "2024-03-27T12:42:06.199Z", "dateReserved": "2024-03-19T16:00:24.215Z", "dateUpdated": "2024-08-02T01:17:57.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40203
Vulnerability from cvelistv5
Published
2024-12-13 14:24
Modified
2024-12-13 19:02
Severity ?
EPSS score ?
Summary
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MailMunch | MailChimp Forms by MailMunch |
Version: n/a < |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-40203", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T19:02:10.302868Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T19:02:21.230Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "mailchimp-forms-by-mailmunch", "product": "MailChimp Forms by MailMunch", "vendor": "MailMunch", "versions": [ { "changes": [ { "at": "3.1.5", "status": "unaffected" } ], "lessThanOrEqual": "3.1.4", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMissing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.\u003c/p\u003e" } ], "value": "Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4." } ], "impacts": [ { "capecId": "CAPEC-180", "descriptions": [ { "lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:24:05.949Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/wordpress/plugin/mailchimp-forms-by-mailmunch/vulnerability/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-broken-access-control?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No patched version is available." } ], "value": "No patched version is available." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress MailChimp Forms by MailMunch plugin \u003c= 3.1.4 - Broken Access Control", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2023-40203", "datePublished": "2024-12-13T14:24:05.949Z", "dateReserved": "2023-08-10T11:31:18.459Z", "dateUpdated": "2024-12-13T19:02:21.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31378
Vulnerability from cvelistv5
Published
2024-04-15 10:21
Modified
2024-08-02 01:52
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MailMunch | MailChimp Forms by MailMunch |
Version: n/a < |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31378", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-15T12:08:49.840685Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:36:08.271Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:56.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "mailchimp-forms-by-mailmunch", "product": "MailChimp Forms by MailMunch", "vendor": "MailMunch", "versions": [ { "changes": [ { "at": "3.2.2", "status": "unaffected" } ], "lessThanOrEqual": "3.2.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Majed Refaea (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.\u003cp\u003eThis issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.\u003c/p\u003e" } ], "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T10:21:58.373Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update to 3.2.2 or a higher version." } ], "value": "Update to 3.2.2 or a higher version." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress MailChimp Forms by MailMunch plugin \u003c= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2024-31378", "datePublished": "2024-04-15T10:21:58.373Z", "dateReserved": "2024-04-01T06:51:34.353Z", "dateUpdated": "2024-08-02T01:52:56.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8726
Vulnerability from cvelistv5
Published
2024-11-20 06:42
Modified
2024-11-20 15:16
Severity ?
EPSS score ?
Summary
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | mailmunch | MailChimp Forms by MailMunch |
Version: * ≤ 3.2.3 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8726", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T15:10:51.265617Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T15:16:27.322Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MailChimp Forms by MailMunch", "vendor": "mailmunch", "versions": [ { "lessThanOrEqual": "3.2.3", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dale Mavers" } ], "descriptions": [ { "lang": "en", "value": "The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-20T06:42:54.917Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve" }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3189361%40mailchimp-forms-by-mailmunch\u0026new=3189361%40mailchimp-forms-by-mailmunch\u0026sfp_email=\u0026sfph_mail=" } ], "timeline": [ { "lang": "en", "time": "2024-11-19T00:00:00.000+00:00", "value": "Disclosed" } ], "title": "MailChimp Forms by MailMunch \u003c= 3.2.3 - Reflected Cross-Site Scripting" } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-8726", "datePublished": "2024-11-20T06:42:54.917Z", "dateReserved": "2024-09-11T19:54:20.698Z", "dateUpdated": "2024-11-20T15:16:27.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45748
Vulnerability from cvelistv5
Published
2023-10-16 10:01
Modified
2024-09-16 14:43
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MailMunch | MailChimp Forms by MailMunch |
Version: n/a < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45748", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:23:24.765751Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:43:50.792Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "mailchimp-forms-by-mailmunch", "product": "MailChimp Forms by MailMunch", "vendor": "MailMunch", "versions": [ { "lessThanOrEqual": "3.1.4", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;3.1.4 versions.\u003c/span\u003e" } ], "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin \u003c=\u00a03.1.4 versions." } ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62 Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-16T10:01:15.956Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress MailChimp Forms by MailMunch Plugin \u003c= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2023-45748", "datePublished": "2023-10-16T10:01:15.956Z", "dateReserved": "2023-10-12T08:27:55.558Z", "dateUpdated": "2024-09-16T14:43:50.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }