MailChimp Campaigns plugin for WordPress allows attackers to break email campaigns
CVE-2026-1303
Summary
A security issue in the MailChimp Campaigns plugin for WordPress lets attackers with Subscriber-level access or higher disconnect a website from its MailChimp integration, disrupting automated email campaigns and marketing efforts. Sites running any version up to and including 3.2.4 are affected. To fix this, update the MailChimp Campaigns plugin to the latest version (at least 3.2.5).
Original title
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the `mailchimp_campaigns...
Original description
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the `mailchimp_campaigns_manager_disconnect_app` function that is hooked to the AJAX action of the same name. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from its MailChimp synchronization app, disrupting automated email campaigns and marketing integrations.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026
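
An added example, not code from the plugin or from this advisory: a small Python audit that flags `wp_ajax_*` handlers whose callback has no `current_user_can()` check, the Missing Authorization pattern described above. The PHP sample, its option names and the `example_save_settings` handler are constructed for illustration, and the brace matching is naive (it ignores braces inside strings or comments).

```python
import re

# Constructed sample source (NOT the real plugin's code): two AJAX handlers,
# one without and one with a capability check. Option names are hypothetical.
SAMPLE_PHP = r"""
add_action('wp_ajax_mailchimp_campaigns_manager_disconnect_app', 'mailchimp_campaigns_manager_disconnect_app');
function mailchimp_campaigns_manager_disconnect_app() {
    delete_option('example_app_token'); // hypothetical option name
    wp_send_json_success();
}
add_action('wp_ajax_example_save_settings', 'example_save_settings');
function example_save_settings() {
    check_ajax_referer('example_save');
    if (!current_user_can('manage_options')) { wp_send_json_error(null, 403); }
    update_option('example_setting', 1);
}
"""

HOOK = re.compile(r"add_action\(\s*['\"]wp_ajax_(nopriv_)?([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the brace-balanced body of a top-level PHP function, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit_ajax_handlers(src):
    """Map each wp_ajax_* action to a list of findings about its callback."""
    report = {}
    for nopriv, action, callback in HOOK.findall(src):
        body = function_body(src, callback)
        if body is None:
            report[action] = ["callback not found (method or closure?)"]
            continue
        findings = []
        if "current_user_can(" not in body:   # any logged-in role can call it
            findings.append("no capability check")
        if not re.search(r"check_ajax_referer\(|wp_verify_nonce\(", body):
            findings.append("no nonce check")  # nonce is CSRF defence, not authz
        if nopriv:
            findings.append("reachable unauthenticated")
        report[action] = findings
    return report
```

Run `audit_ajax_handlers()` over a plugin's PHP files and review every action with a non-empty list; a nonce check alone does not replace the capability check.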