CVE-2023-1323

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 63.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Easy Forms FOR MailchimpYikesinc Easy Forms FOR Mailchimp
Timeline
PublishedJun 12

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDyikesinc/easy_forms< 6.8.9

🔴Vulnerability Details

2
CVEList
Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS2023-06-12
GHSA
GHSA-8rjg-q394-qc97: The Easy Forms for Mailchimp WordPress plugin through 62023-06-12