WordPress Plugin Vulnerabilities

SendPress Newsletters < 1.2 - Authenticated SQL Injection

Description

The SendPress Newsletters WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
sendpress
Fixed in 1.2

References

CVE
CVE-2015-9448
URL
http://cinu.pl/research/wp-plugins/mail_8a2f7613577ea8e613ec274aeec14527.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.7 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c1857331-7233-47a6-819a-75b1d512782d

Timeline

Publicly Published
2015-07-23 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-07-13 (about 5 years ago)

Other

Published
Title
Published
2024-10-13
Title
ShortPixel Image Optimizer < 5.6.4 - Authenticated (Editor+) SQL Injection
Published
2023-08-11
Title
WooCommerce PDF Invoice Builder < 1.2.90 - Subscriber+ SQLi
Published
2025-07-10
Title
WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection
Published
2022-02-01
Title
Page Views Count < 2.4.15 - Unauthenticated SQL Injection
Published
2024-12-05
Title
KiviCare – Clinic & Patient Management System (EHR) < 3.6.5 - Unauthenticated SQL Injection