CVE-2019-15318 β€” Code Injection in Easy Forms FOR Mailchimp

CWE-94 β€” Code Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.0%
top 23.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Yikesinc Easy Forms FOR Mailchimp
Timeline
PublishedAug 22
Latest updateMay 24

Description

The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDyikesinc/easy_forms< 6.5.3

πŸ”΄Vulnerability Details

2
GHSA
GHSA-383v-jp4w-9jcp: The yikes-inc-easy-mailchimp-extender plugin before 6β†—2022-05-24
β–Ά
CVEList
CVE-2019-15318: The yikes-inc-easy-mailchimp-extender plugin before 6β†—2019-08-22
β–Ά
CVE-2019-15318 β€” Code Injection | cvebase