CVE-2021-24923

CVE-2021-24923: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Vendor Unknown

Product Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue

Weakness CWE-79 · XSS

Published January 24, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

January 24, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24923

Related vulnerabilities

04Related CVE

CVE-2021-32857 Cockpit vulnerable to Cross-site Scripting CVE-2022-22182 Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web session CVE-2025-9061 Wilmer Core <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-4382 tdevs Hyip Rio Profile Settings settings cross site scripting CVE-2025-23760 WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability