2 matches found
CVE-2021-24874
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24874
The CVE-2021-24874 entry affects the WordPress plugin Sendinblue Newsletter, SMTP, Email marketing and Subscribe forms (versions prior to 3.1.31). The root cause is failure to escape the lang and pid parameters when echoing them in HTML attributes, enabling Reflected Cross-Site Scripting. Impact ...