VYPR

Email Log

by WordPress

CVEs (3)

  • CVE-2021-24758HigNov 17, 2021
    risk 0.57cvss 8.8epss 0.01

    The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

  • CVE-2024-0867HigMay 24, 2024
    risk 0.53cvss 8.1epss 0.01

    The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain…

  • CVE-2021-24924MedDec 6, 2021
    risk 0.40cvss 6.1epss 0.01

    The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue