MC4WP: Mailchimp for WordPress

Vulnerabilities: 18 | Slug: mailchimp-for-wp | Latest version: 4.12.5

Minimum safe version

4.12.0

Update to 4.12.0 or later to address 17 fixable vulnerabilities

Latest available: 4.12.5 | Affected up to: 4.9.16
N/A
2026-03-10 | < 4.12.0

MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion

Medium 5.5
2024-09-23 | < 4.9.17

WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)

N/A
< 4.1.7

MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)

N/A
< 4.8.5

MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF

N/A
< 4.8.5

MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect

N/A
< 4.8.7

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

N/A
2019-11-09 | < 4.1.7

MC4WP: Mailchimp for WordPress <= 4.1.6 - Reflected Cross-Site Scripting

N/A
2021-06-01 | < 4.8.5

MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect

N/A
2021-06-01 | < 4.8.5

MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery

N/A
2022-03-02 | < 4.8.7

MC4WP: Mailchimp for WordPress < 4.8.7 - Cross-Site Scripting

N/A
2016-12-09 | < 4.0.11

WordPress MailChimp Plugin <= 4.0.10 - Cross Site Scripting

N/A
2021-06-01 | < 4.8.5

WordPress MC4WP plugin <= 4.8.4 - Authenticated Arbitrary Redirect vulnerability

N/A
2021-06-01 | < 4.8.5

WordPress MC4WP plugin <= 4.8.4 - Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability