Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24748
HistoryNov 29, 2021 - 8:25 a.m.

CVE-2021-24748 Email Before Download < 6.8 - Admin+ SQL Injection

2021-11-2908:25:31
CWE-89
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

37.8%

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues

CNA Affected

[
  {
    "product": "Email Before Download",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "6.8",
        "status": "affected",
        "version": "6.8",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

37.8%

Related for CVELIST:CVE-2021-24748