← back
CVE-2021-24959

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

EPSS 2.2%CWE-89
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 2.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
Affected products
Unknown · WP Email Users

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/0471d2e2-e759-468f-becd-0b062f00b435