6 matches found
CVE-2024-4289
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-4290
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The CVE-2024-11141 entry affects the Sailthru Triggermail WordPress plugin (versions 1.1 and earlier). The vulnerability arises because the plugin does not sanitize/escape certain settings and lacks CSRF protection, enabling Stored Cross-Site Scripting attacks even when unfiltered_html is disallo...
PT-2025-21413 · WordPress · Sailthru Triggermail Plugin
Name of the Vulnerable Software and Affected Versions: Sailthru Triggermail plugin for WordPress versions 1.1 and earlier Description: The issue concerns the Sailthru Triggermail WordPress plugin, which does not properly sanitise and escape some of its settings. Additionally, it lacks CSRF...