CVE-2023-1325

CWE-79 — Cross-site Scripting (XSS)CWE-1325 CWE-770 — Allocation without Limits4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Easy Forms FOR Mailchimp Yikesinc Easy Forms FOR Mailchimp

Timeline

PublishedApr 17

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/easy_forms_for_mailchimp< 6.8.7

▶NVDyikesinc/easy_forms< 6.8.7

🔴Vulnerability Details

GHSA

GHSA-5wv2-gf93-pmhf: The Easy Forms for Mailchimp WordPress plugin before 6↗2023-04-17

▶

CVEList

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28968: An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application↗2023-04-17

▶