CVE-2015-9448 (sendpress)

The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.

View Full Alert