CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as problematic has been found in the yikes-inc-easy-mailchimp-extender plugin up to version 6.8.5. It affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. Manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 6.8.6 addresses this issue.

• https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/commit/3662c6593aa1bb4286781214891d26de2e947695
• https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/pull/889
• https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/releases/tag/6.8.6
• https://vuldb.com/?id.215307

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-707: Improper Neutralization