Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-2518

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

11.4%

top 6.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown Easy Forms FOR Mailchimp Yikesinc Easy Forms FOR Mailchimp

Timeline

PublishedMay 30

Description

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/easy_forms_for_mailchimp< 6.8.9

▶NVDyikesinc/easy_forms6.8.8

🔴Vulnerability Details

CVEList

Easy Forms for Mailchimp < 6.8.9 - Reflected XSS↗2023-05-30

▶

GHSA

GHSA-qx4c-77h7-7fwj: The Easy Forms for Mailchimp WordPress plugin through 6↗2023-05-30

▶

💥Exploits & PoCs

Nuclei

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

▶