VYPR

WP Email Users

by WordPress

CVEs (2)

  • CVE-2021-24959HigMar 14, 2022
    risk 0.57cvss 8.8epss 0.02

    The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.

  • CVE-2022-1605MedJun 13, 2022
    risk 0.42cvss 6.5epss 0.01

    The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users