{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T13:32:00.076","vulnerabilities":[{"cve":{"id":"CVE-2026-1303","sourceIdentifier":"security@wordfence.com","published":"2026-02-14T07:16:09.970","lastModified":"2026-06-17T10:15:28.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the `mailchimp_campaigns_manager_disconnect_app` function that is hooked to the AJAX action of the same name. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from its MailChimp synchronization app, disrupting automated email campaigns and marketing integrations."},{"lang":"es","value":"El plugin MailChimp Campaigns para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 3.2.4, inclusive. Esto se debe a la falta de comprobaciones de capacidad en la función 'mailchimp_campaigns_manager_disconnect_app' que está conectada a la acción AJAX del mismo nombre. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, desconecten el sitio de su aplicación de sincronización de MailChimp, interrumpiendo las campañas de correo electrónico automatizadas y las integraciones de marketing."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"matthieuscarset","product":"MailChimp Campaigns","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-17T15:39:10.427525Z","id":"CVE-2026-1303","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/olalaweb-mailchimp-campaign-manager/tags/3.2.4/mailchimp-campaigns-manager.php#L636","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/olalaweb-mailchimp-campaign-manager/trunk/mailchimp-campaigns-manager.php#L636","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c2057ec2-9f03-4ae9-b200-aa5a318b461e?source=cve","source":"security@wordfence.com"}]}}]}