CVE-2021-24748

CVE-2021-24748: Email Before Download < 6.8 - Admin+ SQL Injection

Vendor Unknown

Product Email Before Download

Weakness CWE-89 · SQLi

Published November 29, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues

Key dates

02Disclosure timeline

November 29, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24748

Related vulnerabilities

04Related CVE

CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php CVE-2025-7200 krishna9772 Pharmacy Management System quantity_upd.php sql injection CVE-2021-24401 WP Domain Redirect <= 1.0 - Authenticated SQL Injection CVE-2025-14227 Philipinho Simple-PHP-Blog edit.php sql injection CVE-2025-41006 Multiple vulnerabilities in Imaster products Open configuration options