CVE-2023-1324: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 24, 2023 (updated November 7, 2023)

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

References

nvd.nist.gov/vuln/detail/CVE-2023-1324
wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81

Code Behaviors & Features

Detect and mitigate CVE-2023-1324 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →