Aggregates CVE and security vulnerability intelligence across all mailchimp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk ssrf and vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-2556 | The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example | [email protected] | 2.7 | 0.22% | 2022-08-29 | 2024-11-21 |
| CVE-2022-2267 | The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example | [email protected] | 4.3 | 0.20% | 2022-08-29 | 2024-11-21 |
| CVE-2014-7152 | Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | [email protected] | 4.3 | 0.17% | 2014-09-26 | 2026-05-06 |