PT-2023-25787 · Mailchimp+1 · Mailchimp+1

Ulyses Saicha

Publicado

2023-07-18

Atualizado

2023-07-27

CVE-2023-3709

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.70

Description The issue allows unauthenticated attackers to obtain a site's MailChimp API key due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for attackers to compromise the API key.

Recommendations For versions up to, and including, 1.3.70, reset any MailChimp API keys if the MailChimp block is enabled, as the API key may have been compromised. Consider disabling the MailChimp block until a patch is available to prevent further exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-3709

Produtos afetados

Mailchimp

Royal Elementor Addons

PT-2023-25787 · Mailchimp+1 · Mailchimp+1

CVE-2023-3709

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6