The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sql_error parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context.
id: CVE-2023-2518
info:
  name: WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scri
...
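
A defender-side check for the behaviour described above, added here as an example that is not part of the original template or the plugin's code: it scans web access logs for requests whose `sql_error` query parameter decodes to HTML markup. The log lines, the `EXAMPLE-PAGE` placeholder and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines; paths, addresses and values are illustrative only.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2023:10:00:01 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE&sql_error=Duplicate+entry HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jun/2023:10:00:05 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE&sql_error=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5133
203.0.113.9 - - [01/Jun/2023:10:00:09 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE&sql_error=%253Cb%253E HTTP/1.1" 200 5101
198.51.100.4 - - [01/Jun/2023:10:01:00 +0000] "GET /index.php?s=sql_error HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: characters needed to open a tag or break out of an attribute,
# plus a javascript: URI scheme. Tune to your own false-positive tolerance.
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_sql_error_requests(log_text):
    """Return (line_number, decoded_value) for sql_error values carrying markup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs already decodes once; decode_fully handles double encoding.
        for value in parse_qs(query, keep_blank_values=True).get("sql_error", []):
            decoded = decode_fully(value)
            if MARKUP_RE.search(decoded):
                hits.append((lineno, decoded))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_sql_error_requests(SAMPLE_LOG):
        print(f"line {lineno}: sql_error={value!r}")
```

Hits in the logs of a site running a version before 6.8.9 with the debug option enabled warrant review of the administrator sessions that followed those requests.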