CVE-2023-3779: 
WordPress vulnerability analysis and mitigation

The Essential Addons For Elementor WordPress plugin (versions up to 5.8.1) contains a vulnerability identified as CVE-2023-3779, discovered on July 19, 2023. This security issue affects the premium version of the plugin specifically when the MailChimp block is enabled on a page. The vulnerability allows unauthenticated users to access sensitive API key information (NVD, WPScan).

The vulnerability stems from the plugin's implementation where it inadvertently adds the MailChimp API key to the source code of any page running the MailChimp block. This exposure allows unauthenticated attackers to obtain the site's MailChimp API key. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges (NVD).

The vulnerability exposes the MailChimp API key, which could allow attackers to access and potentially manipulate the affected site's MailChimp account and associated email marketing data. This exposure is particularly concerning for sites running the premium version of the plugin with the MailChimp block enabled (NVD).

The vulnerability has been patched in version 5.8.2 of the Essential Addons For Elementor plugin. Site administrators are strongly recommended to update to this version or later. Additionally, it is advised to reset any MailChimp API keys if running a vulnerable version of the plugin with the MailChimp block enabled, as the API key may have been compromised (NVD).