WordPress Plugin Vulnerabilities

MailPoet Newsletters <= 2.7.2 - SQL Injection

Description

Changelog states: "Fixed SQL injection vulnerability (Thanks to Force Interactive)"

Affects Plugins

Plugin icon
wysija-newsletters
Fixed in 2.7.3

References

URL
https://plugins.trac.wordpress.org/changeset/1469869/wysija-newsletters

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
98862096-d714-4165-bcfa-765ca108ec78

Timeline

Publicly Published
2016-09-11 (about 9 years ago)
Added
2016-09-11 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2022-10-21
Title
Quiz And Survey Master < 7.3.5 - Admin+ SQL Injection
Published
2026-03-25
Title
Amelia < 2.1.2 - Authenticated (Custom role+) SQL Injection
Published
2021-10-11
Title
WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection
Published
2024-07-11
Title
Wallet for WooCommerce < 1.5.5 - Authenticated (Subscriber+) SQL Injection via 'search[value]'
Published
2026-04-29
Title
JoomSport – for Sports: Team & League, Football, Hockey & more < 5.7.8 - Unauthenticated SQL Injection