ByteOS Network

sendy

Source -

NVDCNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2025-68564

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-Not Assigned

EPSS-0.02% / 3.82%

7 Day CHG~0.00%

Published-20 Feb, 2026 | 15:46

Updated-20 Feb, 2026 | 16:55

WordPress Sendy plugin <= 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.

Vendor-sendy

Product-Sendy

CWE ID-CWE-862

Missing Authorization

CVE-2014-100011

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.29% / 52.24%

7 Day CHG~0.00%

Published-13 Jan, 2015 | 15:00

Updated-12 Apr, 2025 | 10:46

SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.

Vendor-sendy n/a

Product-sendy n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-100012

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.25% / 47.68%

7 Day CHG~0.00%

Published-13 Jan, 2015 | 15:00

Updated-12 Apr, 2025 | 10:46

SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.

Vendor-sendy n/a

Product-sendy n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')