WordPress Plugin Vulnerabilities

WP-EMail <= 2.67.1 - SQL Injection

Description

If the Plugin is activated then the email submission form can be found on the /email/ directory on individual Post/Pages.

For example:

http://example.com/2017/05/31/hello-world/email/

Affects Plugins

Plugin icon
wp-email
Fixed in 2.67.2

References

URL
https://github.com/lesterchan/wp-email/commit/bcae41780ef78ce4d0780fc417c0343d5715b18a

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
dd6683c4-3aa0-4357-8f1f-498c8aad616f

Timeline

Publicly Published
2016-05-14 (about 7 years ago)
Added
2016-11-14 (about 7 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2021-05-27
Title
Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection
Published
2014-08-01
Title
Wordpress 2.2 - XML-RPC SQL Injection
Published
2015-03-17
Title
Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection
Published
2014-08-01
Title
Wordpress <= 2.3.1 - Charset Remote SQL Injection
Published
2014-08-01
Title
All Video Gallery - Multiple SQL Injection Vulnerabilities