CVE-2023-4925

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4925

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4925.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-4925

Published

2024-01-15T16:15:11Z

Modified

2025-07-01T15:17:17.372689Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

References

https://wpscan.com/vulnerability/0b094cba-9288-4c9c-87a9-bdce286fe8b6

Affected packages

Git / github.com/yikesinc/yikes-inc-easy-mailchimp-extender

Affected ranges

Type: GIT
Repo: https://github.com/yikesinc/yikes-inc-easy-mailchimp-extender
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

eb1203fa6c1b25294ec28fec51f0ad8c2e4df402

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.2.0

2.2.1

3.*

3.0

3.0.1

4.*

4.0

4.1

4.2

4.2.1

5.*

5.0.4

5.0.5

5.0.6

5.1

5.1.0.1

5.1.1

5.4.3

6.*

6.0.0-rc1.0

6.0.2.2

6.0.2.4

6.0.2/6.0.2.1

6.0.3.2

6.0.3.3

6.0.3.6

6.0.3.7

6.0.3.8

6.0.3.9

6.0.5

6.0.5.3

6.6.0

6.6.1

6.6.2

6.6.3

6.6.4

6.7.0

6.8.0

6.8.1

6.8.10

6.8.2

6.8.3

6.8.4

6.8.5

6.8.6

6.8.8

6.8.9

v.*

v.6.2.2

v.6.2.3

v4.*

v4.0

v6.*

v6.0.1

v6.0.3

v6.0.5

v6.0.5.3

v6.1

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.2.0

v6.2.1

v6.5.5

v6.7.0

v6.8.7