90 matches found
CVE-2025-66128
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...
EUVD-2025-203582
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...
CVE-2025-66128
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...
CVE-2025-66128 WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...
CVE-2025-66128 WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...
CVE-2025-66128
CVE-2025-66128 is a published Missing Authorization vulnerability affecting the Brevo (Sendinblue) for WooCommerce plugin for WordPress. Affected software: Sendinblue for WooCommerce (woocommerce-sendinblue-newsletter-subscription) up to version 4.0.49. Root cause per sources: broken/misconfigure...
WordPress plugin Sendinblue for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51416
Name of the Vulnerable Software and Affected Versions Brevo Sendinblue for WooCommerce versions through 4.0.49 Description An authorization issue exists in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription, allowing exploitation of incorrectly configured access contr...
WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ohmymex in WordPress Plugin Sendinblue for WooCommerce versions = 4.0.49...
EUVD-2021-11835
Malware in sbrugna...
EUVD-2021-11786
Malware in sbrugna...
EUVD-2025-4437
Malicious code in bioql PyPI...
EUVD-2024-35427
Malicious code in bioql PyPI...
EUVD-2023-33957
Malicious code in bioql PyPI...
EUVD-2024-40179
Malicious code in bioql PyPI...
EUVD-2024-30593
Malicious code in bioql PyPI...
CVE-2024-43287
Cross-Site Request Forgery CSRF vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...
CVE-2023-26859
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component...
CVE-2023-2472
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which...
CVE-2021-24874
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...