Friday, July 29, 2016
Panagiotis Vagenas, a Wordfence Security Researcher, has discovered a reflected cross-site scripting vulnerability in the Easy Forms for MailChimp plugin for WordPress. There are over 40,000 active installations according to wordpress.org. We shared the details of the vulnerability with the author on Monday and they released version 6.1.3 on Tuesday, which includes a fix for the vulnerability.
An attack leveraging this reflected cross-site scripting vulnerability would require an admin to click on a link, which might be accomplished via some kind of social engineering attack. Accomplishing that could enable an attacker to perform a number of administrative functions, including adding a user with admin privileges, effectively giving them full control of the website. It is important to note that many modern browsers, such as Chrome and Safari, protect against these types of scripts running on the client side, which diminishes the odds that this vulnerability will be exploited in the wild.
CVSS Severity: 8.8 (High)
What to do
Both Premium and free Wordfence users with the firewall enabled are already protected. Anyone not running Wordfence should upgrade to version 6.1.3 immediately.
The post "Vulnerability in Easy Forms for MailChimp 6.1.2 and older" appeared first on Wordfence.
https://www.wordfence.com/blog/2016/07/vulnerability-easy-forms-mailchimp/