Security Advisory

CVE-2022-2267

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-29 17:15:35

Last updated 2024-08-03 00:32:09

Assigner WPScan

State PUBLISHED

Description

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

← Browse all CVEs View on cve.org ↗