BUG Sendinblue < 3.1.25 – XSS
-
Description
The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Proof of ConceptThe PoC will be displayed on December 31, 2021, to give users the time to update.
A New fixed update is URGENT
Thanks
The page I need help with: [log in to see the link]
Viewing 8 replies - 1 through 8 (of 8 total)
-
@pixelmm @rswebsols
v3.1.30 was released and is under review by the plugin review team.
We are waiting for their approval to open the plugin and make it available for download.
Viewing 8 replies - 1 through 8 (of 8 total)
- The topic ‘BUG Sendinblue < 3.1.25 – XSS’ is closed to new replies.
