Vulnerabilities (CVE)

Filtered by vendor Email Log Project Subscribe
Filtered by product Email Log
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24924 1 Email Log Project 1 Email Log 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue
CVE-2021-24758 1 Email Log Project 1 Email Log 2024-02-28 6.5 MEDIUM 8.8 HIGH
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections