Vulnerabilities and security researches formailchimp-for-woocommerce mailchimp-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2022-2267
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Aug 29, 2022
Research Description: The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Affected versions: max 2.7.1.
Status: vulnerable

CVE, Research URL: CVE-2022-2556
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Aug 29, 2022
Research Description: The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Affected versions: max 2.7.2.
Status: vulnerable

CVE, Research URL: 3f5dfa2ebe9baa0e66335bd7bc38b9469abe4dfc
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Nov 22, 2017
Research Description: Mailchimp for WooCommerce [mailchimp-for-woocommerce] < 2.1.2 WordPress MailChimp for WooCommerce plugin <= 2.1.1 - Local File Inclusion WordPress MailChimp for WooCommerce plugin is prone to a Local File Inclusion vulnerability in 2.1.2 version. The vulnerability was in /admin/partials/tabs/notices.php file in if ( isset ( $_GET['error_notice'] ) ... IF conditional statement which lead to include(__DIR__.'/errors/'.$_GET['error_notice'].'.php'); local file inclusion.
Affected versions: max 2.1.2.
Status: vulnerable

Jun 25, 2026

PSC, Research URL: PSC-2026-64671
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Jun 25, 2026
Research Description: Email marketing integrations process order activity, customer profiles, product metadata, cart events, and API credentials. That makes them useful for store communication, but also security-sensitive because customer related data moves between WooCommerce and an external marketing platform. Mailchimp for WooCommerce version 6.1.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64671, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for WooCommerce customer sync, order data handling, API credentials, and marketing automation workflows.
Affected versions: Min 6.1.1, max 6.1.1.
Status: SAFE & CERTIFIED