Vulnerabilities (CVE)

Filtered by vendor Yikesinc Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4925 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 4.8 MEDIUM
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2023-2518 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 6.1 MEDIUM
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-23900 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 5.8 MEDIUM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.
CVE-2023-1325 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 5.4 MEDIUM
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-1324 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 6.1 MEDIUM
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-1323 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 N/A 4.8 MEDIUM
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-43463 1 Yikesinc 1 Custom Product Tabs For Woocommerce 2024-11-21 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.
CVE-2022-28666 1 Yikesinc 1 Custom Product Tabs For Woocommerce 2024-11-21 N/A 5.3 MEDIUM
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
CVE-2021-24985 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2019-15318 1 Yikesinc 1 Easy Forms For Mailchimp 2024-11-21 7.5 HIGH 9.8 CRITICAL
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.