CVE-2021-24874

Summary

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Affected Software

VendorProductVersion RangeStatus
UnknownNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue3.1.31 < 3.1.31affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References