Lucene search

CVE-2024-4290

🗓️ 21 May 2024 06:09:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

Sailthru Triggermail WordPress plugin allows Stored Cross-Site Scripting

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2024-4290	21 May 202406:15	–	nvd
wpexploit	Sailthru Triggermail <= 1.1 - Admin+ Stored XSS	30 Apr 202400:00	–	wpexploit
Cvelist	CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS	21 May 202406:00	–	cvelist
Vulnrichment	CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS	21 May 202406:00	–	vulnrichment
Patchstack	WordPress Sailthru Triggermail Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)	21 May 202400:00	–	patchstack
WPVulnDB	Sailthru Triggermail <= 1.1 - Admin+ Stored XSS	30 Apr 202400:00	–	wpvulndb
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)	9 May 202416:49	–	wordfence

Vulners

Vulnrichment

Node

sailthru_triggermailRange≤1.1wordpress

[
  {
    "vendor": "Unknown",
    "product": "Sailthru Triggermail",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.1"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/a9a10d0f-d8f2-4f3e-92bf-94fc08416d87/

Parameter	Position	Path	Description	CWE
input	request body	/wp-admin/options-general.php?page=sailthru&action=options	Stored Cross-Site Scripting vulnerability due to lack of sanitization and escaping of settings in the Sailthru Triggermail WordPress plugin.	CWE-82, CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 May 2024 06:15Current

7.6High risk

Vulners AI Score7.6

CVSS37.1

EPSS0.00167

SSVC