CVE-2024-7489 MEDIUM

CVE-2024-7489: Forms for Mailchimp by Optin Cat <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters

Vendor Fatcatapps
Product Forms for Mailchimp by Optin Cat – Grow Your MailChimp List
Weakness CWE-79 · XSS
Published October 12, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Key dates

02Disclosure timeline

October 12, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24389 FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS) CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability CVE-2025-58026 WordPress Termageddon: Cookie Consent & Privacy Compliance Plugin <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability CVE-2025-14385 WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability