PT-2024-12864 · Mailmunch · Mailchimp Forms By Mailmunch

István Márton

Published

2024-12-13

Updated

2024-12-14

CVE-2023-40203

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MailChimp Forms by MailMunch versions prior to 3.1.4

Description The issue is related to a missing authorization vulnerability in MailChimp Forms by MailMunch, which allows the exploitation of incorrectly configured access control security levels.

Recommendations For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-40203

Affected Products

Mailchimp Forms By Mailmunch

PT-2024-12864 · Mailmunch · Mailchimp Forms By Mailmunch

CVE-2023-40203

Weakness Enumeration

Related Identifiers

Affected Products

References · 5