CVE-2025-12172
CSRF Vulnerability in Mailchimp List Subscribe Form Plugin
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailchimp | list_subscribe_form | to 2.0.0 (inc) |
| mailchimp | list_subscribe_form | 2.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-12172 is a Cross-Site Request Forgery (CSRF) vulnerability in the Mailchimp List Subscribe Form plugin for WordPress, affecting all versions up to and including 2.0.0.'}, {'type': 'paragraph', 'content': "The vulnerability exists because the plugin's function mailchimp_sf_change_list_if_necessary() lacks proper nonce validation, which is a security measure to verify that requests are legitimate."}, {'type': 'paragraph', 'content': 'This flaw allows unauthenticated attackers to trick a site administrator into performing unintended actions, such as changing Mailchimp lists, by sending forged requests.'}, {'type': 'paragraph', 'content': 'The issue was fixed in version 2.0.1 by adding nonce verification and permission checks to ensure only authorized users can make such changes.'}] [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to manipulate Mailchimp list settings on a vulnerable WordPress site without authentication by tricking an administrator into clicking a malicious link.
Such unauthorized changes could disrupt email marketing campaigns, cause data integrity issues, or lead to unauthorized subscription list modifications.
While the CVSS score is moderate (4.3), the impact is limited to integrity as it does not allow data disclosure or denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves Cross-Site Request Forgery (CSRF) in the Mailchimp List Subscribe Form WordPress plugin versions up to 2.0.0, due to missing or incorrect nonce validation.'}, {'type': 'paragraph', 'content': "To detect exploitation attempts on your system or network, you can monitor HTTP requests targeting the Mailchimp List Subscribe Form plugin's admin actions, specifically those attempting to invoke the mailchimp_sf_change_list_if_necessary() function or update Mailchimp list IDs without proper nonce tokens."}, {'type': 'paragraph', 'content': "Look for POST requests to the plugin's admin endpoints that lack valid nonce parameters such as 'update_mc_list_id_nonce'."}, {'type': 'paragraph', 'content': 'Suggested commands include using web server logs or network monitoring tools to filter suspicious requests. For example, using grep on Apache or Nginx logs to find requests missing the nonce parameter or containing suspicious parameters:'}, {'type': 'list_item', 'content': "grep -i 'mailchimp_sf_change_list_if_necessary' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep -i 'update_mc_list_id_nonce' /var/log/apache2/access.log | grep -v 'wp_nonce_field'"}, {'type': 'list_item', 'content': 'Use tools like Wireshark or tcpdump to capture HTTP POST requests to the WordPress admin URL and inspect for missing or invalid nonce tokens.'}, {'type': 'paragraph', 'content': 'Additionally, scanning your WordPress plugin version can help detect vulnerable installations by checking if the Mailchimp List Subscribe Form plugin version is 2.0.0 or earlier.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Mailchimp List Subscribe Form WordPress plugin to version 2.0.1 or later, where nonce verification and permission checks have been implemented to prevent CSRF attacks.
Ensure that your WordPress installation is running version 6.4 or higher, as the plugin update requires this minimum version.
If immediate updating is not possible, restrict access to the WordPress admin area to trusted users only and avoid clicking on suspicious links that could trigger forged requests.
Monitor and audit admin actions related to Mailchimp list changes to detect any unauthorized modifications.
Consider implementing additional web application firewall (WAF) rules to block CSRF attempts targeting the vulnerable plugin endpoints.