CVE-2026-56063

bPlugins · MailChimp Block

An unauthenticated broken access control vulnerability in the MailChimp Block plugin allows unauthorized users to perform sensitive actions without appropriate permissions.

Executive summary

The bPlugins MailChimp Block plugin contains an unauthenticated broken access control vulnerability that permits unauthorized users to bypass security restrictions.

Vulnerability

This vulnerability is identified as a broken access control flaw that does not require authentication. An attacker can leverage this to perform actions within the MailChimp Block plugin that should be restricted to authorized administrators.

Business impact

This vulnerability carries a CVSS score of 8.3, indicating a critical risk to WordPress environments. Unauthorized access to plugin functionality can lead to the exposure of mailing list data, unauthorized modification of subscription forms, or potential cross-site scripting (XSS) opportunities where the plugin's output is rendered in the backend.

Remediation

Immediate Action: Update the MailChimp Block plugin to the latest version to resolve the access control deficiency.

Proactive Monitoring: Review WordPress access logs for unusual administrative activity or unauthorized requests directed at the plugin’s endpoints.

Compensating Controls: Utilize a Web Application Firewall (WAF) to block suspicious requests targeting plugin-specific file paths or parameters until the update is applied.
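To support the log review and WAF steps above, the following is an added triage script (not code from the advisory or from bPlugins) that walks Apache/Nginx combined-format access log lines and surfaces state-changing requests to the plugin's endpoints. The advisory names no endpoints, so the plugin slug, the REST route and the log lines are constructed placeholders to replace with the real values from your installation.

```python
import re
from collections import Counter

# Placeholders: the advisory names no endpoints, so the slug and route prefixes
# below are assumptions to replace with the real plugin directory and REST namespace.
PLUGIN_SLUG = "mailchimp-block"
PLUGIN_PATHS = (f"/wp-content/plugins/{PLUGIN_SLUG}/", f"/wp-json/{PLUGIN_SLUG}/")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Apache/Nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):  # one combined-format line -> dict, or None if it does not match
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_plugin_request(rec):  # path (query string ignored) targets the plugin?
    path = rec["path"].split("?", 1)[0]
    return any(path.startswith(prefix) for prefix in PLUGIN_PATHS)

def triage(lines):
    """Return (hits, attempts): 2xx state-changing plugin requests worth checking against
    known admin activity, and per-source counts of all such attempts (401/403 after patching = fix in place)."""
    hits, attempts = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_plugin_request(rec):
            continue
        if rec["method"] in WRITE_METHODS:
            attempts[rec["ip"]] += 1
            if rec["status"].startswith("2"):
                hits.append(rec)
    return hits, attempts

# Constructed sample lines (RFC 5737 documentation addresses, placeholder REST route).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2026:10:01:02 +0000] "GET /wp-content/plugins/mailchimp-block/assets/style.css HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Mar/2026:10:02:15 +0000] "POST /wp-json/mailchimp-block/v1/settings HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '203.0.113.77 - - [12/Mar/2026:10:02:16 +0000] "POST /wp-json/mailchimp-block/v1/settings HTTP/1.1" 403 45 "-" "python-requests/2.31"',
    '198.51.100.5 - - [12/Mar/2026:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, attempts = triage(SAMPLE_LOG)
    print([f"{r['ip']} {r['method']} {r['path']} -> {r['status']}" for r in hits], dict(attempts))
```

A 2xx hit from a source that never authenticated, or from an automation user agent, is the case to correlate with WordPress admin activity; the per-source counter also exposes bursts of attempts that a WAF rule on the same path prefixes would block.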

Exploitation status

Public Exploit Available: false

Analyst recommendation

The absence of an authentication requirement significantly elevates the risk profile of this vulnerability. Administrators must treat this as a high-priority update to prevent potential data harvesting or site manipulation by remote, unauthenticated threat actors.