Block For Mailchimp – Easy Mailchimp Form Integration

4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Description

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Basic Information

ID CVE-2025-10735

Source Wordfence

Published Oct 1, 2025 at 03:25

Affected Product

Vendor bplugins

Product Block For Mailchimp – Easy Mailchimp Form Integration

Version *

Affected Versions bplugins Block For Mailchimp – Easy Mailchimp Form Integration *

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "The Block For Mailchimp \u2013 Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
    "published": "2025-10-01T03:25:23.454Z",
    "modified": "2025-10-01T03:25:23.454Z",
    "type": "cve",
    "title": "Block For Mailchimp \u2013 Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51de575f-d458-4a7d-bc57-4a11e5124377?source=cve\nhttps://plugins.svn.wordpress.org/block-for-mailchimp/tags/1.1.9/mailchimp/API.php\nhttps://wordpress.org/plugins/block-for-mailchimp/\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3368808%40block-for-mailchimp&new=3368808%40block-for-mailchimp&sfp_email=&sfph_mail=",
    "id": "CVE-2025-10735",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "bplugins Block For Mailchimp \u2013 Easy Mailchimp Form Integration *",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Block For Mailchimp \u2013 Easy Mailchimp Form Integration",
    "version": "*",
    "vendor": "bplugins",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery_CVE-2025-10735