Lucene search
WPScanCVELIST:CVE-2021-24959HistoryMar 14, 2022 - 2:41 p.m.
CVE-2021-24959 WP Email Users <= 1.7.6 - Subscriber+ SQL Injection
2022-03-1414:41:05
CWE-89
WPScan
www.cve.org
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
CNA Affected
[
{
"product": "WP Email Users",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.7.6",
"status": "affected",
"version": "1.7.6",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24959
2022-03-14 15:15:08
patchstack
patchstack
wpexploit
wpexploit
WP Email Users <= 1.7.6 - Subscriber+ SQL Injection
2022-01-31 00:00:00
prion
prion
Sql injection
2022-03-14 15:15:00
wpvulndb
wpvulndb
WP Email Users <= 1.7.6 - Subscriber+ SQL Injection
2022-01-31 00:00:00
nvd
nvd
CVE-2021-24959
2022-03-14 15:15:08