VYPR

Check & Log Email

by WordPress

CVEs (5)

  • CVE-2024-0866HigMar 26, 2024
    risk 0.53cvss 8.1epss 0.01

    The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain…

  • CVE-2021-24774HigOct 25, 2021
    risk 0.47cvss 7.2epss 0.01

    The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

  • CVE-2022-1547MedMay 23, 2022
    risk 0.40cvss 6.1epss 0.01

    The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

  • CVE-2021-24908MedNov 29, 2021
    risk 0.40cvss 6.1epss 0.01

    The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

  • CVE-2026-5306MedApr 28, 2026
    risk 0.35cvss 5.4epss 0.00

    The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled