The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
|
CPEs | cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Sendinblue
Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-06-05T13:39:02.869Z
Updated: 2024-08-02T06:26:08.951Z
Reserved: 2023-05-02T11:37:40.456Z
Link: CVE-2023-2472
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-05T14:15:10.110
Modified: 2024-11-21T07:58:40.987
Link: CVE-2023-2472
Redhat
No data.