Cross-Site Request Forgery in SandyIN Import Users to MailChimp
CVE-2025-23675
7.1 HIGH
What is CVE-2025-23675?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the SandyIN Import Users to MailChimp plugin. It allows attackers to craft malicious requests that could lead to Stored Cross-Site Scripting (XSS). The flaw can compromise the security of the website by enabling unauthorized actions on behalf of the user, so site administrators need to address and mitigate the risks associated with this vulnerability.
Affected Version(s)
Import Users to MailChimp <= 1.0