The Email Log plugin for WordPress... CVE-2024-0867

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.

0%
暂无可用Exp或PoC
当前有0条受影响产品信息