cleantalk
Vulnerabilities and Security Researches

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue), CVE-2023-2472

CVE, Research URL

CVE-2023-2472

Home page URL

Security reports for Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Application

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Published on
Jun 05, 2023
Research Description
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
max 3.1.78.
Status
vulnerable
Previous vulnerability researches
Mailing Group Listserv (CVE-2025-46463) , May 05, 2025
Mailing Group Listserv (CVE-2025-22595) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-22527) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
SMTP Mailing Queue (CVE-2023-1090) , Jun 07, 2024
New vulnerability
SiteGuard WP Plugin (CVE-2026-27411) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2025-13048) , Mar 29, 2026
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds (CVE-2026-32398) , Mar 29, 2026
Activity Log WinterLock (CVE-2026-24987) , Mar 29, 2026