31 matches found
CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-4289 Sailthru Triggermail <= 1.1 - Reflected XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-4289
CVE-2024-4289 affects Sailthru Triggermail WordPress plugin (versions ≤ 1.1). It describes a Reflected Cross-Site Scripting due to unsanitized/uncleaned parameters echoed back in pages/attributes, potentially exploitable against admin/high-privilege users. Exploitation details are not provided in...
WordPress Sailthru Triggermail Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Sailthru Triggermail Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4289 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7b53f4a9625e Credits Bob Matyas Requir...
WordPress Sailthru Triggermail Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Sailthru Triggermail Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4290 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b1b912c29aa4 Credits Bob Matyas Required...
WordPress Plugin Sailthru Triggermail Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Plugin Sailthru Triggermail Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...
Sailthru Triggermail <= 1.1 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The PoC will be displayed on May 14, 2024, to give users the time ...
Sailthru Triggermail <= 1.1 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open: alert23' /...
Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 1. Go to...