ByteOS Network

NVD Vulnerability Details :

CVE-2025-10735

Awaiting Analysis

Source-security@wordfence.com

Published At-01 Oct, 2025 | 04:15

Updated At-02 Oct, 2025 | 19:12

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.0	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-918	Primary	security@wordfence.com

CWE ID: CWE-918

Type: Primary

Source: security@wordfence.com

References

Hyperlink	Source	Resource
https://plugins.svn.wordpress.org/block-for-mailchimp/tags/1.1.9/mailchimp/API.php	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3368808%40block-for-mailchimp&new=3368808%40block-for-mailchimp&sfp_email=&sfph_mail=	security@wordfence.com	N/A
https://wordpress.org/plugins/block-for-mailchimp/	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/51de575f-d458-4a7d-bc57-4a11e5124377?source=cve	security@wordfence.com	N/A