China National Vulnerability DatabaseCNVD-2022-69139WordPress Sendit WP Newsletter plugin SQL injection vulnerability
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
WordPress is the WordPress (Wordpress) Foundation’s suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in WordPress Sendit WP Newsletter plugin version 2.5.1 and earlier, which stems from an administrator user’s failure to clean, validate or escape the id_lista POST parameter before using the plugin in a SQL statement. validate or escape before using the plugin in a SQL statement. An attacker could exploit this vulnerability to execute illegal SQL statements.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress sendit wp newsletter plugin | le | 2.5.1 |
Related
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P