Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Brevo — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting Brevo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Brevo provides a digital communication platform for email marketing, CRM, and transactional messaging. Historically, vulnerabilities have included stored cross-site scripting (XSS) in email templates, remote code execution (RCE) in file upload features, and privilege escalation flaws in administrative panels. The platform has experienced security incidents, including a 2023 data breach affecting 33 million users where email addresses and IP addresses were exposed. Security assessments often identify input validation weaknesses and insufficient access controls, particularly in user-generated content handling. While the company has addressed reported issues through patches, the persistent presence of multiple CVEs indicates ongoing challenges in secure coding practices across their web applications.

Top products by Brevo: Sendinblue for WooCommerce Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
CVE IDTitleCVSSSeverityPublished
CVE-2025-66128 WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability — Sendinblue for WooCommerceCWE-862 5.3 Medium2025-12-16
CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability — Newsletter, SMTP, Email marketing and Subscribe forms by SendinblueCWE-352 4.3 Medium2024-08-26
CVE-2024-35668 WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability — Newsletter, SMTP, Email marketing and Subscribe forms by SendinblueCWE-79 7.1 High2024-06-04
CVE-2024-32807 WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability — Sendinblue for WooCommerceCWE-22 8.5 High2024-05-06

This page lists every published CVE security advisory associated with Brevo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.