6.1

CVE-2023-32517

EPSS 0.2%
Veröffentlicht 29.12.2023 10:15:10
Zuletzt bearbeitet 21.11.2024 08:03:31
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

MailChimp Subscribe Forms <= 4.0.9.3 - Open Redirect

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.

Mögliche Gegenmaßnahme

MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: Update to version 4.0.9.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder

Version *-4.0.9.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibericode ≫ Mailchimp SwPlatformwordpress Version < 4.0.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.425

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
audit@patchstack.com	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-mailchimp-subscribe-forms-plugin-4-0-9-1-open-redirection-vulnerability?_s_id=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/aba1ca3a-a937-400b-b175-2ca4e67a107d

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32517

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32517

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32517

EUVD