The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sendinblue newsletter\\, smtp\\, email marketing and subscribe |