Vulnerabilities and security researches forwoocommerce-sendinblue-newsletter-subscription woocommerce-sendinblue-newsletter-subscription

Jun 07, 2024

CVE, Research URL: CVE-2024-32807
Home page URL: Security reports for Brevo for WooCommerce
Application: Brevo for WooCommerce
Date: May 06, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17.
Affected versions: max 4.0.18.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-66128
Home page URL: Security reports for Brevo for WooCommerce
Application: Brevo for WooCommerce
Date: Dec 16, 2025
Research Description: Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
Affected versions: max 4.0.49.
Status: vulnerable