Email Log
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24758 | Hig | 0.57 | 8.8 | 0.01 | Nov 17, 2021 | The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections | ||
| CVE-2024-0867 | Hig | 0.53 | 8.1 | 0.01 | May 24, 2024 | The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain… | ||
| CVE-2021-24924 | Med | 0.40 | 6.1 | 0.01 | Dec 6, 2021 | The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue |
- risk 0.57cvss 8.8epss 0.01
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
- risk 0.53cvss 8.1epss 0.01
The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain…
- risk 0.40cvss 6.1epss 0.01
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue