CVE-2025-12172 | Mailchimp List Subscribe Form Plugin up to 2.0.0 on WordPress mailchimp_sf_change_list_if_necessary cross-site request forgery

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability classified as problematic has been found in Mailchimp List Subscribe Form Plugin up to 2.0.0 on WordPress. This vulnerability affects the function mailchimp_sf_change_list_if_necessary. Performing a manipulation results in cross-site request forgery.

This vulnerability is cataloged as CVE-2025-12172. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-12172 | Mailchimp List Subscribe Form Plugin up to 2.0.0 on WordPress mailchimp_sf_change_list_if_necessary cross-site request forgery

Post correlati

CVE-2025-6520 | Abis BAPSIS prior 202510271606 sql injection

CVE-2024-8294 | FeehiCMS up to 2.1.1 index.php update FriendlyLink[image] unrestricted upload

CVE-2024-8303 | dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c /ajax/getBasicInfo.php username sql injection

CVE-2025-15098 | YunaiV yudao-cloud up to 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body server-side request forgery