CVE-2021-24758

Summary

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

Affected Software

VendorProductVersion RangeStatus
UnknownEmail Log2.4.7 < 2.4.7affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References