The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-17T10:15:34
Updated: 2024-08-03T19:42:16.879Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24758
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-17T11:15:07.613
Modified: 2021-11-19T08:16:57.657
Link: CVE-2021-24758
Redhat
No data.