Security Advisory

CVE-2021-24959

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-14 14:41:05

Last updated 2024-08-03 19:49:13

Assigner WPScan

State PUBLISHED

Description

The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.

← Browse all CVEs View on cve.org ↗