CVE-2023-1324

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.3%
top 49.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Easy Forms FOR MailchimpYikesinc Easy Forms FOR Mailchimp
Timeline
PublishedApr 24

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDyikesinc/easy_forms< 6.8.8

🔴Vulnerability Details

2
CVEList
Easy Forms for MailChimp < 6.8.8 - Reflected XSS2023-04-24
GHSA
GHSA-292r-c8r5-h2g9: The Easy Forms for Mailchimp WordPress plugin before 62023-04-24