Security Advisory

CVE-2022-2556

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-29 17:15:36

Last updated 2024-08-03 00:39:07

Assigner WPScan

State PUBLISHED

Description

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

← Browse all CVEs View on cve.org ↗