3 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin Check & Log Email de WordPress versiones anteriores a 1.0.6, no sanea y escapa de un parámetro antes de devolverlo en un atributo en una página de administración, conllevando a un ataue de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/83eca346-7045-414e-81fc-e0d9b735f0bd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting El plugin Check & Log Email de WordPress versiones anteriores a 1.0.4, no escapa el parámetro d antes de devolverlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/77f50129-4b1f-4e50-8321-9dd32deba6e1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues El plugin Check & Log Email de WordPress versiones anteriores a 1.0.3, no comprueba ni escapa de los parámetros GET "order" y "orderby" antes de usarlos en una sentencia SQL cuando son visualizados los registros, conllevando a problemas de inyecciones SQL • https://wpscan.com/vulnerability/f80ef09a-d3e2-4d62-8532-f0ebe59ae110 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •