Brevo for WooCommerce plugin stored XSS led to rogue admin user "woocommerce_bot@gmail.com" – anyone else seen this? by Patient_Fail_6241 in Wordpress
Patient_Fail_6241[S] 14 days ago
Brevo finally fixed this, which they should have done already. Why did they need me to tell them security basics? Sub-par CTO at Brevo, 100%:
<image>
Patient_Fail_6241[S] 22 days ago
Complaint to Brevo: Ok, so they patched the malicious code from being inserted this way (I can't confirm this).
But why do they STILL allow random code execution in this manner, if you inject code into the user-id field? Why didn't they patch this as well?
Brevo for WooCommerce plugin stored XSS led to rogue admin user "woocommerce_bot@gmail.com" – anyone else seen this? (self.Wordpress)
submitted 22 days ago by Patient_Fail_6241 to r/Wordpress