MailMunch Vulnerability Affects Grow your Email List Plugin
CVE-2024-8735

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Mailmunch – Grow Your Email List
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-8735?

The MailMunch – Grow your Email List plugin for WordPress has a vulnerability related to Reflected Cross-Site Scripting (XSS) due to insecure handling of user input with the add_query_arg function. All versions up to and including 3.1.8 lack adequate escaping, allowing unauthenticated attackers to embed arbitrary scripts into websites. This can occur when users are duped into clicking malicious links, ultimately leading to execution of the injected scripts within their browsers. Website owners utilizing this plugin should take immediate action to mitigate potential exploits.

Affected Version(s)

MailMunch – Grow your Email List * <= 3.1.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/mailmunch/tags...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Sep 11, 2024

Credit

Dale Mavers