CVE-2023-2518

CVSS 3.1 Score 7 of 10 (high)

Details

Published May 30, 2023

Updated: Jan 10, 2025

CWE ID 798

Summary

CVE-2023-2518 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Easy Forms for Mailchimp WordPress plugin before version 6.8.9. This issue arises due to the plugin's failure to sanitize and escape a user-supplied parameter before rendering it on the page. When the plugin's debug option is enabled, an attacker can exploit this vulnerability by injecting malicious scripts into the affected page. The consequences of a successful exploit could be severe, particularly for high-privilege users like administrators, who could be at risk of having their accounts compromised. Users are strongly advised to update their Easy Forms for Mailchimp plugin to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Nokia

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners