Easy Forms for Mailchimp

Information

Software Type Plugin
Software Slug yikes-inc-easy-mailchimp-extender (view on wordpress.org)
Software Status Removed
Software Author eherman24
Software Website codeparrots.com
Software Downloads 3,023,400
Software Active Installs 80,000
Software Record Last Updated November 24, 2024

13 Vulnerabilities

5.4
CVE ID Unknown
Mar 29, 2020
Researchers:
9.1
CVE ID Unknown
Jul 13, 2016
Researcher: Yorick Koster,
Title Status CVE ID CVSS Researchers Date
Easy Forms for Mailchimp <= 6.9.0 - Missing Authorization Unpatched CVE-2024-35742 5.3 Ngô Thiên An (ancorn_) June 6, 2024
Easy Forms for Mailchimp <= 6.8.10 - Sensitive Information Exposure via logfile Unpatched CVE-2024-25095 7.5 Joshua Chan February 12, 2024
Easy Forms for Mailchimp <= 6.8.10 - Authenticated (Admin+) Stored Cross-Site Scripting Unpatched CVE-2023-4925 4.4 Sławomir Zakrzewski December 21, 2023
Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting Patched CVE-2023-2518 6.1 Erwan LR May 22, 2023
Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error' Patched CVE-2023-23900 6.1 Rafie Muhammad May 17, 2023
Easy Forms for MailChimp <= 6.8.7 - Reflected Cross-Site Scripting Patched CVE-2023-1324 6.1 Erwan LR March 29, 2023
Easy Forms for MailChimp <= 6.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-1325 6.4 Erwan LR March 27, 2023
Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name Patched CVE-2023-1323 4.4 Chau Nguyen March 9, 2023
Easy Forms for Mailchimp <= 6.8.5 - Reflected Cross-Site Scripting Patched CVE-2021-24985 6.1 ZhongFu Su December 21, 2021
Easy Forms for Mailchimp <= 6.6.2 - Authenticated Cross-Site Scripting Patched 5.4 March 29, 2020
Easy Forms for Mailchimp <= 6.5.2 - Code Injection Patched CVE-2019-15318 9.8 Henri Salo (fgeek) July 1, 2019
Easy Forms for Mailchimp < 6.1 - Local File Inclusion Patched 9.1 Yorick Koster, July 13, 2016
Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting Patched CVE-2014-7152 7.2 James Hooker September 26, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation