Vulnerabilities and security researches formailchimp-for-woocommerce

CVE, Research URL: CVE-2022-2267
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Aug 29, 2022
Research Description: The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Affected versions: max 2.7.1.
Status: vulnerable

CVE, Research URL: CVE-2022-2556
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Aug 29, 2022
Research Description: The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
Affected versions: max 2.7.2.
Status: vulnerable

CVE, Research URL: 3f5dfa2ebe9baa0e66335bd7bc38b9469abe4dfc
Home page URL: Security reports for Mailchimp for WooCommerce
Application: Mailchimp for WooCommerce
Date: Nov 22, 2017
Research Description: Mailchimp for WooCommerce [mailchimp-for-woocommerce] < 2.1.2 WordPress MailChimp for WooCommerce plugin <= 2.1.1 - Local File Inclusion WordPress MailChimp for WooCommerce plugin is prone to a Local File Inclusion vulnerability in 2.1.2 version. The vulnerability was in /admin/partials/tabs/notices.php file in if ( isset ( $_GET['error_notice'] ) ... IF conditional statement which lead to include(__DIR__.'/errors/'.$_GET['error_notice'].'.php'); local file inclusion.
Affected versions: max 2.1.2.
Status: vulnerable

Vulnerabilities and security researches formailchimp-for-woocommerce mailchimp-for-woocommerce