Description

WordPress Plugin Newsletter-Send awesome emails from WordPress is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Newsletter-Send awesome emails from WordPress version 3.0.8 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.0.9 or latest

References

http://www.1337day.com/exploit/20287

Related Vulnerabilities

WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Multiple Vulnerabilities (2.2.4)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2024-32976)

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (4.6.0)

WordPress Plugin Smart Slider 3 Cross-Site Scripting (3.5.0.8)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection