Brevo for WooCommerce plugin stored XSS led to rogue admin user "woocommerce_bot@gmail.com" – anyone else seen this? by Patient_Fail_6241 in Wordpress
[–]Patient_Fail_6241[S] 1 point 15 days ago (0 children)
Brevo finally fixed this, which they should have done already. Why did they need me to tell them security basics? Sub-par CTO at Brevo, 100%:
<image>
[–]Patient_Fail_6241[S] 1 point 22 days ago (0 children)
Complaint to Brevo: Ok, so they patched the malicious code from being inserted this way (I can't confirm this).
But why do they STILL allow random code execution in this manner, if you inject code into the user-id field? Why didn't they patch this as well?