3 Security Vulnerabilities

[Alongar]

Hello @EvanHerman,

There are 3 security vulnerabilities for Easy Forms for Mailchimp plugin. You can view the 3 unpatched vulnerabilities here:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yikes-inc-easy-mailchimp-extender

wordpress.org also removed the plugin from the repository.

[TheAndyMac]

@EvanHerman Hope you are OK.

Is this plugin now abandoned?

Just tried to send an email to you on @codeparrots.com and that is now bouncing.

The email I had sent had three issues listed:

1. Still having security issues being reported as not yet fixed, as the PatchStack team reviewed 6.9.0 and came back with “We still don’t see that the log filename has been secured by adding a sufficient length of random string as the prefix or suffix on version 6.9.0. Additionally, we also recommend to apply .htaccess rule to prevent direct access.”
   https://wordpress.org/support/topic/another-security-risk-picked-up-on-6-9-0/
   Logfile Data Exposure Vulnerability Still Present in 6.9.0 #920

2. Warning: this plugin has not been tested with your current version of WordPress (for WP 6.5.2)

3. the deprecation notice that seems to be coming up from PHP 8.2 with the plugin
   https://wordpress.org/support/topic/deprecated-notice-when-upgrading-to-php-8-2/
   PHP 8 - Deprecated function signature #906