cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8680,https://securityvulnerability.io/vulnerability/CVE-2024-8680,Stored Cross-Site Scripting Vulnerability in MC4WP Affects Multi-Site Installations,"The Mailchimp for WordPress plugin for WordPress exhibits a vulnerability that permits stored cross-site scripting through its admin settings. This issue arises from inadequate input validation and output escaping practices. Authenticated users with administrator-level permissions can exploit this vulnerability to insert arbitrary web scripts that are executed whenever a user accesses the compromised page. It is particularly relevant in multi-site environments and instances where the unfiltered_html capability has been disabled, thereby increasing the risk of malicious script execution on affected installations.",Wordpress,Mc4WP: Mailchimp For WordPress,5.5,MEDIUM,0.0010999999940395355,false,,false,false,false,,false,false,2024-09-21T08:35:54.533Z,0
CVE-2024-8850,https://securityvulnerability.io/vulnerability/CVE-2024-8850,Mailchimp MC4WP Vulnerable to Reflected Cross-Site Scripting,"The Mailchimp for WordPress plugin has a vulnerability that allows for Reflected Cross-Site Scripting through the misuse of the 'email' parameter. When placeholders like {email} are utilized, inadequate input sanitization and output escaping become apparent. This flaw enables attackers without authentication to inject malicious web scripts into pages. A successful exploitation requires the attacker to deceive a user into performing an action such as clicking a link, which triggers the execution of the injected script, posing significant risks to user data and website integrity.",Wordpress,Mc4WP: Mailchimp For WordPress,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-19T03:59:14.402Z,0
CVE-2021-36833,https://securityvulnerability.io/vulnerability/CVE-2021-36833,WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.,Wordpress,Mc4WP: Mailchimp For WordPress,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-05-20T20:15:00.000Z,0