Description
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Published: 2026-06-26
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated broken access control flaw in the MailChimp Block plugin, versions up to and including 1.1.15. It allows an attacker who can reach the WordPress site to perform actions normally reserved for authenticated users, potentially modifying or viewing private data. The weakness is classified as CWE-862 (Missing Authorization): the plugin does not enforce an authorization check before performing the affected action.

Affected Systems

The affected product is the MailChimp Block plugin distributed by bPlugins, used within WordPress installations. Versions up to and including 1.1.15 are impacted; version 1.1.16 and later contain the fix.

Risk and Exploitability

The CVSS v3.1 score of 8.3 signals high severity. The vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) indicates that the flaw is reachable over the network with low attack complexity and requires neither privileges nor user interaction, so it can be exploited without credentials. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would involve sending crafted requests to the plugin's endpoints, relying on the missing authorization checks to perform actions the requester should not be allowed to perform.

Generated by OpenCVE AI on June 26, 2026 at 17:11 UTC.

Remediation

Vendor Solution

Update the WordPress MailChimp Block Plugin to the latest available version (at least 1.1.16).


OpenCVE Recommended Actions

  • Update the MailChimp Block plugin to version 1.1.16 or later.
  • If an update is not immediately possible, disable the plugin to prevent exploitation while an upgrade is arranged.
  • Restrict plugin usage to trusted, authenticated administrators and monitor web server and WordPress logs for unexpected requests to the plugin's endpoints.

Generated by OpenCVE AI on June 26, 2026 at 17:11 UTC.

Tracking


Advisories

No advisories yet.

History

Fri, 26 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
Title WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T16:55:45.464Z

Reserved: 2026-06-18T14:38:18.948Z

Link: CVE-2026-56063

Vulnrichment

Updated: 2026-06-26T16:55:33.555Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T17:15:04Z

Weaknesses