WordPress · Mailchimp List Subscribe Form · CVE-2025-12172
**Name of the Vulnerable Software and Affected Versions**
Mailchimp List Subscribe Form versions prior to 2.0.1
**Description**
The Mailchimp List Subscribe Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by inadequate nonce validation within the `mailchimp_sf_change_list_if_necessary()` function. An unauthenticated attacker could potentially modify Mailchimp lists by deceiving a site administrator into performing an action, such as clicking a malicious link.
**Recommendations**
Update Mailchimp List Subscribe Form to version 2.0.1 or later.
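
The bug class in the description, a state-changing handler that reads request input without verifying a nonce, can be screened for in other plugin or theme code on the same site. The script below is an added example, not code from the plugin or from this advisory; the PHP sample and its function and option names are constructed, and the scan is a heuristic that flags only the complete absence of a nonce check, not an inadequate one.

```python
import re

# WordPress core helpers that verify a nonce.
NONCE_CHECKS = ("wp_verify_nonce", "check_admin_referer", "check_ajax_referer")
REQUEST_INPUT = re.compile(r"\$_(POST|GET|REQUEST)\b")
FUNC_HEADER = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")


def function_bodies(php_source):
    """Yield (name, body) for each named function, using brace matching."""
    for match in FUNC_HEADER.finditer(php_source):
        depth, pos = 1, match.end()
        while depth and pos < len(php_source):
            depth += {"{": 1, "}": -1}.get(php_source[pos], 0)
            pos += 1
        yield match.group(1), php_source[match.end():pos - 1]


def handlers_without_nonce(php_source):
    """Return names of functions that read request input but never verify a nonce."""
    flagged = []
    for name, body in function_bodies(php_source):
        reads_input = REQUEST_INPUT.search(body)
        verifies = any(re.search(rf"\b{check}\s*\(", body) for check in NONCE_CHECKS)
        if reads_input and not verifies:
            flagged.append(name)
    return flagged


# Constructed sample; function and option names are hypothetical.
SAMPLE_PHP = r"""
<?php
function example_change_list() {
    if ( isset( $_POST['list_id'] ) ) {
        update_option( 'example_list_id', sanitize_text_field( wp_unslash( $_POST['list_id'] ) ) );
    }
}

function example_change_list_checked() {
    check_admin_referer( 'example_change_list', 'example_nonce' );
    if ( isset( $_POST['list_id'] ) ) {
        update_option( 'example_list_id', sanitize_text_field( wp_unslash( $_POST['list_id'] ) ) );
    }
}
"""

if __name__ == "__main__":
    for name in handlers_without_nonce(SAMPLE_PHP):
        print(f"no nonce verification: {name}()")
```

A flagged function is a candidate for manual review, since the nonce may be verified by its caller; braces inside PHP string literals will confuse the brace matching.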