The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.
History

Wed, 16 Oct 2024 13:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Brevo; Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
| CPEs | cpe:2.3:a:sendinblue:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* | cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* |
| Vendors & Products | Sendinblue; Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe | Brevo; Brevo newsletter\, Smtp\, Email Marketing And Subscribe |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-14T09:20:36

Updated: 2024-08-03T19:49:14.383Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24874

Vulnrichment

No data.

NVD

Status: Modified

Published: 2022-02-14T12:15:14.573

Modified: 2024-11-21T05:53:55.900

Link: CVE-2021-24874

Redhat

No data.