Yikesinc Easy Forms For Mailchimp — known CVE vulnerabilities
Every CVE whose affected-product data names Yikesinc Easy Forms For Mailchimp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-15318 — CVSS 9.8 (critical): The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
CVE-2021-24985 — CVSS 6.1 (medium): The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before…
CVE-2023-2518 — CVSS 6.1 (medium): The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page…
CVE-2023-1324 — CVSS 6.1 (medium): The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the…
CVE-2023-23900 — CVSS 5.8 (medium): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.
CVE-2023-1325 — CVSS 5.4 (medium): The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting…
CVE-2023-1323 — CVSS 4.8 (medium): The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high…
CVE-2023-4925 — CVSS 4.8 (medium): The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high…