WordPress Brevo for WooCommerce plugin <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Sendinblue for WooCommerce versions = 4.0.49...

CVE-2025-14436

The CVE-2025-14436 entry concerns the Brevo for WooCommerce WordPress plugin (≤ v4.0.49). It enables unauthenticated Stored XSS via the user_connection_id parameter, due to insufficient input sanitization and output escaping. The vulnerability comprises: vulnerable code in woocommerce-sendinblue....

WordPress plugin Brevo for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1742

Name of the Vulnerable Software and Affected Versions Brevo for WooCommerce versions up to and including 4.0.49 Description The Brevo for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the user connection id parameter. Insufficient input sanitization and...

PT-2024-8716

Name of the Vulnerable Software and Affected Versions SIMATIC CP 1543-1 versions 4.0.44 through 4.0.49 Description The issue is related to improper authorization handling in the SIMATIC CP 1543-1 communication module's firmware. This could allow an unauthenticated remote attacker to bypass existi...