Lucene search

K
wpvulndbBob MatyasWPVDB-ID:072785DE-0CE5-42A4-A3FD-4EB1D1A2F1BE
HistoryApr 30, 2024 - 12:00 a.m.

Sailthru Triggermail <= 1.1 - Reflected XSS

2024-04-3000:00:00
Bob Matyas
wpscan.com
2
reflected xss
sanitization
cross-site scripting
admin privilege

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PoC

Make a logged in admin open:

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for WPVDB-ID:072785DE-0CE5-42A4-A3FD-4EB1D1A2F1BE