Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 6
Critical: 0
High: 3
Medium: 3

Showing 1-6 of 6 records

Threat Entry Updated 2025-03-06

CVE-2025-1319 - Email Log Plugin

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Email Log

CVE-2025-1319

MEDIUM CVSS 6.4 2025-02-28

Threat Entry Updated 2024-11-21

CVE-2024-0867 - Email Log Plugin

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.

PLUGIN Email Log

CVE-2024-0867

HIGH CVSS 8.1 2024-05-24

Threat Entry Updated 2025-05-21

CVE-2022-2352 - Email Log Plugin

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high-privilege users such as admin to perform blind SSRF, for example on multisite installations.

PLUGIN Email Log

CVE-2022-2352

HIGH CVSS 7.2 2022-09-26

Threat Entry Updated 2024-11-21

CVE-2022-2351 - Email Log Plugin

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admin dashboard, allowing high-privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

PLUGIN Email Log

CVE-2022-2351

MEDIUM CVSS 4.8 2022-09-16

Threat Entry Updated 2024-11-21

CVE-2021-24924 - Email Log Plugin

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue.

PLUGIN Email Log

CVE-2021-24924

MEDIUM CVSS 6.1 2021-12-06

Threat Entry Updated 2024-11-21

CVE-2021-24758 - Email Log Plugin

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in a SQL statement in the admin dashboard, leading to SQL injections.

PLUGIN Email Log

CVE-2021-24758

HIGH CVSS 8.8 2021-11-17