Description
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-05-21
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 21 May 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Jontasc
Jontasc sailthru Triggermail
Weaknesses CWE-79
CPEs cpe:2.3:a:jontasc:sailthru_triggermail:*:*:*:*:*:wordpress:*:*
Vendors & Products Jontasc
Jontasc sailthru Triggermail

Subscriptions

Jontasc Sailthru Triggermail
Jontascher Sailthru Triggermail
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-01T20:33:53.097Z

Reserved: 2024-04-27T03:11:09.807Z

Link: CVE-2024-4290

cve-icon Vulnrichment

Updated: 2024-05-21T14:44:56.932Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-21T06:15:09.767

Modified: 2025-05-21T19:02:33.450

Link: CVE-2024-4290

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses