PT-2026-24546 · WordPress+1 · Mc4Wp: Mailchimp For Wordpress+1
Sarawut Poolkhet
Published: 2026-03-11 · Updated: 2026-03-11
CVE-2026-1781
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
MC4WP: Mailchimp for WordPress plugin versions prior to 4.11.2
Description
The MC4WP: Mailchimp for WordPress plugin for WordPress is susceptible to unauthorized access. The plugin improperly validates the _mc4wp_action POST parameter, allowing unauthenticated attackers to manipulate form processing. Specifically, attackers can force unsubscribe actions instead of subscribe actions. This allows arbitrary email addresses to be unsubscribed from the connected Mailchimp audience if the attacker can determine the form ID, which is exposed in the HTML source. The vulnerable parameter is _mc4wp_action.
Recommendations
Update MC4WP: Mailchimp for WordPress plugin to version 4.11.2 or later.
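For sites that cannot confirm when they were patched, the request pattern described above can be searched for in captured POST bodies. The following is an added detection example, not code from the plugin or from this advisory; the record shape, the form IDs, the sample log and the field names `_mc4wp_form_id`, `_mc4wp_action` and `EMAIL` as used here are assumptions to adapt to your own logging.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Assumption: IDs of forms whose saved configuration is subscribe-only,
# taken from the site's own plugin settings (constructed values here).
SUBSCRIBE_ONLY_FORMS = {"118", "342"}

# Constructed sample records, shaped like a WAF/audit log that keeps the
# source address, the method and the url-encoded POST body.
SAMPLE_LOG = [
    {"src": "198.51.100.7", "method": "POST",
     "body": "_mc4wp_form_id=118&EMAIL=alice%40example.org"},
    {"src": "203.0.113.9", "method": "POST",
     "body": "_mc4wp_form_id=118&_mc4wp_action=unsubscribe&EMAIL=bob%40example.org"},
    {"src": "203.0.113.9", "method": "POST",
     "body": "_mc4wp_form_id=118&_mc4wp_action=Unsubscribe&EMAIL=carol%40example.org"},
    # Form 900 is not in the subscribe-only set (a deliberately configured
    # unsubscribe form), so this request is expected traffic.
    {"src": "192.0.2.44", "method": "POST",
     "body": "_mc4wp_form_id=900&_mc4wp_action=unsubscribe&EMAIL=dave%40example.org"},
    {"src": "192.0.2.45", "method": "GET", "body": ""},
]


def first(params, name):
    """Return the first value of a form field, or '' if it is absent."""
    return params.get(name, [""])[0].strip()


def find_forced_unsubscribes(records, subscribe_only=SUBSCRIBE_ONLY_FORMS):
    """Return {source: sorted emails} for POSTs that ask a subscribe-only
    form to unsubscribe instead."""
    hits = defaultdict(set)
    for rec in records:
        if rec.get("method") != "POST":
            continue
        params = parse_qs(rec.get("body", ""), keep_blank_values=True)
        form_id = first(params, "_mc4wp_form_id")
        action = first(params, "_mc4wp_action").lower()
        if form_id in subscribe_only and action == "unsubscribe":
            hits[rec["src"]].add(first(params, "EMAIL").lower())
    return {src: sorted(emails) for src, emails in hits.items()}


if __name__ == "__main__":
    for src, emails in find_forced_unsubscribes(SAMPLE_LOG).items():
        print(f"{src}: {len(emails)} forced unsubscribe(s): {', '.join(emails)}")
```

Addresses returned by this check are candidates for comparison against the Mailchimp audience's unsubscribe history, so that affected contacts can be identified.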
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Mc4Wp: Mailchimp For Wordpress
Mailchimp