Filtered by vendor Matthieuscarset Subscriptions
Filtered by product Mailchimp Campaigns Subscriptions

Search

Switch to Advanced Search (Beta)
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-1303 2 Matthieuscarset, Wordpress 2 Mailchimp Campaigns, Wordpress 2026-02-16 5.3 Medium
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the `mailchimp_campaigns_manager_disconnect_app` function that is hooked to the AJAX action of the same name. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from its MailChimp synchronization app, disrupting automated email campaigns and marketing integrations.