• WordPress Plugin MailChimp for WooCommerce is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin MailChimp for WooCommerce version 2.1.1 is vulnerable; prior versions may also be affected.

• Update to plugin version 2.1.2 or latest

• • https://www.pluginvulnerabilities.com/2017/11/22/our-wordpress-plugin-security-checker-identified-a-fairly-serious-vulnerability-in-a-plugin-by-mailchimp/

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)
• WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)
• WordPress Plugin FancyBox for WordPress Security Bypass (3.0.2)
• WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Cross-Site Scripting (2.1.0.1)
• WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.1)