cleantalk
Vulnerabilities and Security Researches

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue), CVE-2021-24874

CVE, Research URL

CVE-2021-24874

Home page URL

Security reports for Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Application

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Published on
Feb 14, 2022
Research Description
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Affected versions
max 3.1.31.
Status
vulnerable
Previous vulnerability researches
Mailing Group Listserv (CVE-2025-46463) , May 05, 2025
Mailing Group Listserv (CVE-2025-22595) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-22527) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
SMTP Mailing Queue (CVE-2023-1090) , Jun 07, 2024
New vulnerability
SiteGuard WP Plugin (CVE-2026-27411) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2025-13048) , Mar 29, 2026
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds (CVE-2026-32398) , Mar 29, 2026
Activity Log WinterLock (CVE-2026-24987) , Mar 29, 2026