CVE-2021-24345

CVE-2021-24345: Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection

Vendor Unknown

Product Sendit WP Newsletter

Weakness CWE-89 · SQLi

Published June 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection.

Key dates

02Disclosure timeline

June 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24345

Related vulnerabilities

04Related CVE

CVE-2022-0887 Easy Social Icons < 3.1.4 - Admin+ SQL Injection CVE-2025-15074 itsourcecode Online Frozen Foods Ordering System customer_details.php sql injection CVE-2022-0694 Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php CVE-2024-55984 WordPress Saksh Escrow System plugin <= 2.4 - SQL Injection vulnerability