4 matches found
CVE-2021-24345
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the idlista POST parameter before using it in a SQL statement, therefore leading to Blind SQL Injection...
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection
Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, the $POSTlista parameter is neither validated nor escaped, so you can blind SQL inject it using $usercount for the boolean condition checking :...
WordPress SendIt Plugin <= 1.5.9 - Blind SQL Injection
This WordPress SendIt plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, the $POSTlista parameter is neither validated nor escaped, so you can blind SQL inject it using...