Tag: payloads
-
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 – Reflected XSS
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
-
Elementor < 3.4.8 – DOM Cross-Site-Scripting
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. The issue was initially fixed in 3.1.4, but was re-introduced in 3.2.0. The base64 string is an encoded JSON with the following structure: This vulnerability has been fixed in version 3.1.4.…