CVE-2022-2556

Name of the Vulnerable Software and Affected Versions Mailchimp for WooCommerce WordPress plugin versions prior to 2.7.2

Description The issue allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, which can be used to scan the private network.

Recommendations For Mailchimp for WooCommerce WordPress plugin versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to minimize the risk of exploitation.