CVE-2021-24748

HIGH

Email Before Download WP <6.8 - SQL Injection

Title source: llm
STIX 2.1

Description

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1

Scores

CVSS v3 8.8
EPSS 0.0132
EPSS Percentile 67.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
mandsconsulting/email_before_download < 6.8
Published Nov 29, 2021
Tracked Since Feb 18, 2026