The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/28d34cc1-2294-4409-a60f-c8c441eb3f2d | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/28d34cc1-2294-4409-a60f-c8c441eb3f2d | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/28d34cc1-2294-4409-a60f-c8c441eb3f2d - Exploit, Third Party Advisory |
16 Oct 2024, 13:26
Type | Values Removed | Values Added |
---|---|---|
First Time |
Brevo newsletter\, Smtp\, Email Marketing And Subscribe
Brevo |
|
CPE | cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* |
Information
Published : 2022-02-14 12:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24874
Mitre link : CVE-2021-24874
CVE.ORG link : CVE-2021-24874
JSON object : View
Products Affected
brevo
- newsletter\,_smtp\,_email_marketing_and_subscribe
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')