Reflected Cross-Site Scripting Vulnerability in Forms for Mailchimp by Optin Cat
CVE-2024-8870

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Forms For Mailchimp By Optin Cat – Grow Your Mailchimp List
Vendor: CVE Published:; 26 October 2024

What is CVE-2024-8870?

The Forms for Mailchimp plugin by Optin Cat for WordPress is susceptible to Reflected Cross-Site Scripting (XSS) attacks, primarily due to the inadequate escaping of URLs via the add_query_arg function. This vulnerability impacts all versions up to and including 2.5.6 and allows unauthorized users to inject malicious scripts into web pages. By tricking victims into clicking a specially crafted link, attackers can execute arbitrary scripts in the context of the user's session, potentially leading to data theft, account compromise, or other malicious activities.

Affected Version(s)

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List * <= 2.5.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/mailchimp-wp/t...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2024
Vulnerability Reserved
Sep 15, 2024

Credit

Dale Mavers