EIP-2026-114029

This is a writeup describing a blind SQL injection vulnerability in the WordPress SendIt plugin <= 1.5.9. The vulnerability arises from unsanitized user input in the 'lista' parameter, which is directly used in a SQL query without validation or escaping.