CVE-2023-2518

Name of the Vulnerable Software and Affected Versions Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.9

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs when the debug option is enabled, and a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators.

Recommendations For versions prior to 6.8.9, update to version 6.8.9 or later to resolve the issue. As a temporary workaround, consider disabling the debug option until a patch is available. Restrict access to the plugin's debug functionality to minimize the risk of exploitation.