WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ohmymex in WordPress Plugin Sendinblue for WooCommerce versions = 4.0.49...

EUVD-2021-11786

Malware in sbrugna...

EUVD-2023-33957

Malicious code in bioql PyPI...

CVE-2023-2472

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which...

CVE-2021-24874

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2025-0953

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2023-2472 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which...

WordPress plugin Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Newsletter, SMTP, Email...

PT-2022-9488 · Sendinblue · Sendinblue Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin versions prior to 3.1.31 Description: The issue is related to Reflected Cross-Site Scripting, where the lang and pid parameters are not properly escaped...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin that stems from the Sendinblue plugin prior to...

CVE-2021-24923

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress Plugin Sendinblue prior to version 3.1.25, which...