Threat Entry Updated 2024-11-21

CVE-2024-0866 - Check & Log Email Plugin

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.

PLUGIN Check & Log Email

CVE-2024-0866

HIGH CVSS 8.1 2024-03-26

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1547 - Check Log Email Plugin

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

PLUGIN Check Log Email

CVE-2022-1547

MEDIUM CVSS 6.1 2022-05-23

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24908 - Check Log Email Plugin

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

PLUGIN Check Log Email

CVE-2021-24908

MEDIUM CVSS 6.1 2021-11-29

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24774 - Check Log Email Plugin

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

PLUGIN Check Log Email

CVE-2021-24774

HIGH CVSS 7.2 2021-10-25

Risk Score

Open Full Technical Breakdown