The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
History

Wed, 16 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe
CPEs cpe:2.3:a:sendinblue:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:*
Vendors & Products Sendinblue
Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-06-05T13:39:02.869Z

Updated: 2024-08-02T06:26:08.951Z

Reserved: 2023-05-02T11:37:40.456Z

Link: CVE-2023-2472

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-05T14:15:10.110

Modified: 2024-11-21T07:58:40.987

Link: CVE-2023-2472

cve-icon Redhat

No data.