CVE-2021-24758

HIGH

Email Log WP <2.4.7 - SQL Injection

Title source: llm
STIX 2.1

Description

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/8dd70db4-5845-440d-8b1d-012738abaac2

Scores

CVSS v3 8.8
EPSS 0.0129
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
email_log_project/email_log < 2.4.7
Published Nov 17, 2021
Tracked Since Feb 18, 2026