← voltar
CVE-2021-24959

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

EPSS 2.2%CWE-89
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
Produtos afetados
Unknown · WP Email Users

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/0471d2e2-e759-468f-becd-0b062f00b435