cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8477,https://securityvulnerability.io/vulnerability/CVE-2024-8477,Cross-Site Request Forgery Vulnerability Affects Brevo Plugin for WordPress,"The Brevo Newsletter, SMTP, Email marketing, and Subscribe forms plugin for WordPress contains a vulnerability that allows for Cross-Site Request Forgery (CSRF) due to inadequate nonce validation within the Init() function. This security flaw enables unauthenticated attackers to potentially force a logged-in site administrator to log out of a Brevo connection by tricking them into performing an unintended action, such as clicking on a malicious link. This vulnerability affects all plugin versions up to and including 3.1.87, emphasizing the need for website administrators using this plugin to ensure they are operating on the latest version and implementing additional security measures.",Wordpress,"Newsletter, Smtp, Email Marketing And Subscribe Forms By Brevo (formely Sendinblue)",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-10T02:06:12.095Z,0
CVE-2023-2472,https://securityvulnerability.io/vulnerability/CVE-2023-2472,"Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS","The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,"Newsletter, Smtp, Email Marketing And Subscribe Forms By Sendinblue",6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-06-05T14:15:00.000Z,0
CVE-2021-24874,https://securityvulnerability.io/vulnerability/CVE-2021-24874,"Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting","The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues",Wordpress,"Newsletter, Smtp, Email Marketing And Subscribe Forms By Sendinblue",6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-02-14T09:20:36.000Z,0
CVE-2021-24923,https://securityvulnerability.io/vulnerability/CVE-2021-24923,"Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS","The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue",Wordpress,"Newsletter, Smtp, Email Marketing And Subscribe Forms By Sendinblue",6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-01-24T08:00:55.000Z,0