CVE-2021-24874

CVE-2021-24874: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting

Vendor Unknown

Product Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue

Weakness CWE-79 · XSS

Published February 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Key dates

02Disclosure timeline

February 14, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24874 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-3984 Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site scripting CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2019-25234 Carlo Gavazzi SmartHouse Webapp 6.5.33 Cross-Site Request Forgery and XSS CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting CVE-2025-49410 WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability