CVE-2021-24985

Severity: 6.1 MEDIUM
EPSS: 0.4% (top 42.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 24; Latest update Jan 25

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: unknown/easy_forms_for_mailchimp 6.8.6 6.8.6
NVD: yikesinc/easy_forms < 6.8.6

Patches

Vulnerability Details (2)

GHSA: GHSA-fvf3-jrrp-pm9m: The Easy Forms for Mailchimp WordPress plugin before 6 (2022-01-25)
CVEList: Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting (2022-01-24)