2 matches found
CVE-2021-24345
The CVE-2021-24345 entry describes a SQL Injection in the Sendit WP Newsletter WordPress plugin (versions ≤ 2.5.1) that is exploitable by an Administrator user via the id_lista POST parameter in the lists-management feature. The underlying issue is lack of sanitization/escaping of id_lista before...
CVE-2021-24345 Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the idlista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection...