History: May 21, 2024 - 6:00 a.m.

CVE-2024-4289 Sailthru Triggermail <= 1.1 - Reflected XSS

2024-05-21 06:00:02
WPScan
github.com
4
Tags: sailthru, triggermail, xss, vulnerability, wordpress, plugin, version 1.1, reflected, cross-site scripting, admin

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Sailthru Triggermail",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.1"
      }
    ],
    "defaultStatus": "affected"
  }
]
