vendor:
MailChimp Subscribe Forms
by:
woodspeed
8.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: MailChimp Subscribe Forms
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: YES
Related CWE: None
CPE: a:wordpress:mailchimp_subscribe_sm:1.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Apache 2.2.22, PHP 5.3.10
2015
WordPress MailChimp Subscribe Forms Remote Code Execution
Remote Code Execution via email field. When the admin user checks the subscibers list, the php code is executed.
Mitigation:
Fixed in version 1.2