Description
WordPress Plugin MailChimp for WooCommerce is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin MailChimp for WooCommerce version 2.1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.2 or latest
References
Related Vulnerabilities
Drupal Core 9.3.x Cross-Site Scripting (9.3.0 - 9.3.18)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)
WordPress Plugin Trashbin 'mtb_undelete' Parameter Cross-Site Scripting (0.1)
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Local File Inclusion (1.3.6.2)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)