WordPress · Yikes-Inc-Easy-Mailchimp-Extender · CVE-2021-4244
**Name of the Vulnerable Software and Affected Versions**
yikes-inc-easy-mailchimp-extender Plugin versions up to 6.8.5
**Description**
A vulnerability has been found in the yikes-inc-easy-mailchimp-extender Plugin, affecting an unknown part of the file `admin/partials/ajax/add_field_to_form.php`. The manipulation of the `field_name`, `merge_tag`, `field_type`, and `list_id` arguments leads to cross-site scripting. It is possible to initiate the attack remotely.
**Recommendations**
For yikes-inc-easy-mailchimp-extender Plugin versions up to 6.8.5, upgrade to version 6.8.6 to address this issue. As a temporary workaround, consider restricting access to the `admin/partials/ajax/add_field_to_form.php` file until the upgrade is applied. Avoid using the `field_name`, `merge_tag`, `field_type`, and `list_id` arguments in the affected API endpoint until the issue is resolved.
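To check whether the affected file has been requested while the upgrade is pending, a web access log can be triaged for hits on it and for markup in the four arguments. The script below is an added example, not code from the plugin or from this advisory. It assumes the file and argument names are spelled with underscores, the default `/wp-content/plugins/` install path, and combined log format; `triage` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed spellings (underscores) of the file and arguments named in the advisory.
TARGET = "admin/partials/ajax/add_field_to_form.php"
PARAMS = {"field_name", "merge_tag", "field_type", "list_id"}

# Markup characters and script-bearing patterns that a field name, merge tag,
# field type or list id has no reason to contain.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def triage(lines):
    """Return one finding per logged request that reached the affected file."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match["url"])
        if not url.path.endswith(TARGET):
            continue
        # parse_qsl decodes once; unquote again to catch double-encoded values.
        flagged = sorted({
            key for key, value in parse_qsl(url.query, keep_blank_values=True)
            if key in PARAMS and SUSPICIOUS.search(unquote(value))
        })
        findings.append({"line": number, "client": line.split()[0],
                         "status": int(match["status"]), "flagged_params": flagged})
    return findings

# Constructed sample lines (documentation IP ranges, assumed install path).
PLUGIN = "/wp-content/plugins/yikes-inc-easy-mailchimp-extender/"
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET ' + PLUGIN + TARGET
    + '?field_name=Email&merge_tag=EMAIL&field_type=email&list_id=abc123 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2023:10:02:14 +0000] "GET ' + PLUGIN + TARGET
    + '?field_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&merge_tag=%2522%253E&list_id=abc123'
    + ' HTTP/1.1" 200 530',
    '198.51.100.9 - - [10/Jan/2023:10:02:20 +0000] "GET /wp-admin/admin-ajax.php'
    + '?action=heartbeat HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Access logs record only the query string, so arguments sent in a POST body will not appear in `flagged_params`. Once access to the file is restricted, any finding with a 2xx status is worth reviewing on its own.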