{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12172", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T14:55:13.389Z", "datePublished": "2026-02-19T03:25:12.912Z", "dateUpdated": "2026-04-08T16:47:49.135Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:49.135Z"}, "affected": [{"vendor": "mailchimp", "product": "Mailchimp List Subscribe Form", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e270633-0031-41c1-98ac-ce96cd599a60?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3435538%40mailchimp&new=3435538%40mailchimp&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "SHIVAM KUMAR"}], "timeline": [{"time": "2026-02-18T14:55:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T17:04:37.240090Z", "id": "CVE-2025-12172", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:43:16.858Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12172", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T17:04:37.240090Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:04:39.011Z"}}], "cna": {"title": "Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change", "credits": [{"lang": "en", "type": "finder", "value": "SHIVAM KUMAR"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "mailchimp", "product": "Mailchimp List Subscribe Form", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-18T14:55:46.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e270633-0031-41c1-98ac-ce96cd599a60?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3435538%40mailchimp&new=3435538%40mailchimp&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-19T03:25:12.912Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12172", "state": "PUBLISHED", "dateUpdated": "2026-02-19T17:43:16.858Z", "dateReserved": "2025-10-24T14:55:13.389Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T03:25:12.912Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Mailchimp List Subscribe Form para WordPress es vulnerable a falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 2.0.0, inclusive. Esto se debe a una validaci\u00f3n de nonce faltante o incorrecta en la funci\u00f3n mailchimp_sf_change_list_if_necessary(). Esto hace posible que atacantes no autenticados cambien las listas de Mailchimp a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n, como hacer clic en un enlace."}], "id": "CVE-2025-12172", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:27.673", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3435538%40mailchimp&new=3435538%40mailchimp&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e270633-0031-41c1-98ac-ce96cd599a60?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Mailchimp List Subscribe Form", "source": "cna", "vendor": "mailchimp"}, "product": "mailchimp_list_subscribe_form", "vendor": "mailchimp"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-22T11:52:09.163111+00:00", "value": {"mitigation_remediation": ["Upgrade the Mailchimp List Subscribe Form plugin to the latest stable release that removes the CSRF vulnerability.", "If an update is not yet available, temporarily disable the list change function for administrative users or use access restrictions until a patch is released.", "Monitor incoming requests to the list\u2011change endpoint and review logs for unexpected activity to detect potential exploitation attempts."], "summary": {"action": "Patch", "impact": "CSRF\u2011based unauthorized modification of Mailchimp list settings"}, "threat_synthesis": {"affected_systems": "All installations of the Mailchimp List Subscribe Form plugin for WordPress up to and including version 2.0.0 are affected. No specific smaller sub\u2011versions are listed, so any release with a version number of 2.0.0 or earlier is vulnerable.", "description_and_impact": "The Mailchimp List Subscribe Form plugin for WordPress contains a Cross\u2011Site Request Forgery flaw due to missing or incorrect nonce validation in the mailchimp_sf_change_list_if_necessary() function. This flaw allows an unauthenticated attacker, by tricking a site administrator into clicking a forged link, to change the Mailchimp list that the form subscribes to. The change can redirect subscriptions to an attacker\u2011controlled list, potentially compromising email data integrity and trust.", "risk_and_exploitability": "The vulnerability rates a moderate CVSS score of 4.3 and a very low EPSS score of <\u202f1\u202f%. It is not listed in the CISA KEV catalog. Because the attack requires an authenticated administrator to interact with a forged request, the attacker\u2019s success hinges on social engineering or user interaction. Once successful, the attacker gains the ability to alter list configuration, providing a channel to redistribute or harvest subscriber data."}}}}, "created": "2026-02-19T10:07:42.886161+00:00", "updated": "2026-04-22T12:00:05.902505+00:00", "vendors": ["mailchimp", "mailchimp$PRODUCT$mailchimp_list_subscribe_form", "wordpress", "wordpress$PRODUCT$wordpress"]}