CVE-2021-24774

CVE-2021-24774: Check & Log Email < 1.0.3 - Admin+ SQL Injections

Vendor Unknown
Product Check & Log Email
Weakness CWE-89 · SQLi
Published October 25, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

Key dates

02Disclosure timeline

October 25, 2021 CVE published
August 3, 2024 Record updated