CVE-2025-10735
📋 TL;DR
The Block For Mailchimp WordPress plugin has a blind SSRF vulnerability that allows unauthenticated attackers to make arbitrary web requests from the vulnerable server. This can be used to query or modify internal services accessible to the web server. All WordPress sites using this plugin up to version 1.1.12 are affected.
💻 Affected Systems
- Block For Mailchimp – Easy Mailchimp Form Integration WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data from internal APIs, or perform actions on internal systems that accept web requests.
Likely Case
Information disclosure from internal services, reconnaissance of internal network, or limited data modification on vulnerable internal endpoints.
If Mitigated
Limited impact if internal services are properly segmented and authenticated, though reconnaissance is still possible.
🎯 Exploit Status
SSRF vulnerabilities are commonly exploited, and this one requires no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.13 or later
Vendor Advisory: https://wordpress.org/plugins/block-for-mailchimp/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Block For Mailchimp' and click 'Update Now'.
4. Verify the update to version 1.1.13 or later.
🔧 Temporary Workarounds
Disable the plugin
Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate block-for-mailchimp
Web Application Firewall rule
Block requests to the vulnerable endpoint
Add WAF rule to block requests containing 'mcbSubmit_Form_Data' in URL or parameters
🧯 If You Can't Patch
- Segment internal network to restrict web server access to only necessary services
- Implement egress filtering to restrict outbound web requests from web servers
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Block For Mailchimp' version 1.1.12 or earlier
Check Version:
wp plugin get block-for-mailchimp --field=version
Verify Fix Applied:
Verify plugin version is 1.1.13 or later in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from web server to internal IPs
- Requests to mcbSubmit_Form_Data endpoint with unusual parameters
Network Indicators:
- HTTP requests from web server to unexpected internal services
- Pattern of requests to internal IP ranges from web server
SIEM Query:
source="web_server_logs" AND (uri="*mcbSubmit_Form_Data*" OR user_agent="*curl*" OR user_agent="*wget*")
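As an added example (not part of this advisory), the log indicators above turned into a small detector: one function flags access-log requests carrying the mcbSubmit_Form_Data indicator, the other flags outbound connections from the web server to private, loopback or link-local destinations. The sample log lines, the request path shape and the egress record format are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample access log in combined format (not from the advisory).
# The admin-ajax.php path is an assumed shape; the page only gives the string
# mcbSubmit_Form_Data as the indicator to look for in URL or parameters.
ACCESS_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=mcbSubmit_Form_Data HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.7 - - [10/Oct/2025:12:00:05 +0000] "GET /?p=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""
# Constructed egress records from the web server host, "<time> <src> <dst>:<port>"
# (a simple firewall/proxy export; the format is assumed).
EGRESS_LOG = """\
12:00:02 10.0.1.20 10.0.2.15:8080
12:00:03 10.0.1.20 169.254.169.254:80
12:00:09 10.0.1.20 142.250.72.14:443
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
EGRESS_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^:]+):(?P<port>\d+)$')
INDICATOR = "mcbSubmit_Form_Data"


def flag_endpoint_hits(log: str) -> list[dict]:
    """Return parsed access-log entries whose URI carries the plugin indicator."""
    hits = []
    for line in log.splitlines():
        m = ACCESS_RE.match(line)
        if m and INDICATOR.lower() in m["uri"].lower():
            hits.append(m.groupdict())
    return hits


def flag_internal_egress(log: str) -> list[dict]:
    """Return egress records whose destination is private, loopback or
    link-local (link-local covers the cloud metadata address 169.254.169.254)."""
    flagged = []
    for line in log.splitlines():
        m = EGRESS_RE.match(line)
        if not m:
            continue
        dst = ipaddress.ip_address(m["dst"])
        if dst.is_private or dst.is_loopback or dst.is_link_local:
            flagged.append(m.groupdict())
    return flagged
```

A hit from the first function followed within seconds by a record from the second is the pattern worth alerting on; either alone is noisy on a site that legitimately uses the plugin or talks to internal services.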
🔗 References
- https://plugins.svn.wordpress.org/block-for-mailchimp/tags/1.1.9/mailchimp/API.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3368808%40block-for-mailchimp&new=3368808%40block-for-mailchimp&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/block-for-mailchimp/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/51de575f-d458-4a7d-bc57-4a11e5124377?source=cve