CVE-2021-24959

The WP Email Users WordPress plugin through 1.7.6 does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks...

WordPress plugin SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...