CVE-2022-1547 – Check & Log email < 1.0.6 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1547
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin Check & Log Email de WordPress versiones anteriores a 1.0.6, no sanea y escapa de un parámetro antes de devolverlo en un atributo en una página de administración, conllevando a un ataue de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/83eca346-7045-414e-81fc-e0d9b735f0bd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24908 – Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24908
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting El plugin Check & Log Email de WordPress versiones anteriores a 1.0.4, no escapa el parámetro d antes de devolverlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/77f50129-4b1f-4e50-8321-9dd32deba6e1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24774 – Check & Log Email < 1.0.3 - Admin+ SQL Injections
https://notcve.org/view.php?id=CVE-2021-24774
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues El plugin Check & Log Email de WordPress versiones anteriores a 1.0.3, no comprueba ni escapa de los parámetros GET "order" y "orderby" antes de usarlos en una sentencia SQL cuando son visualizados los registros, conllevando a problemas de inyecciones SQL • https://wpscan.com/vulnerability/f80ef09a-d3e2-4d62-8532-f0ebe59ae110 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •