
{
"id": "CVE-2021-24758",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-11-17T11:15:07.613",
"lastModified": "2021-11-19T08:16:57.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the \"orderby\" and \"order\" GET parameters before using them in a SQL statement in the admin dashboard, leading to SQL injection"
},
{
"lang": "es",
"value": "El plugin Email Log de WordPress, en versiones anteriores a 2.4.7, no comprueba, sanea ni escapa correctamente los par\u00e1metros GET \"orderby\" y \"order\" antes de usarlos en una sentencia SQL en el panel de administraci\u00f3n, lo que conlleva inyecciones SQL"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:email_log_project:email_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.7",
"matchCriteriaId": "ED359021-2FC8-4B87-8CEF-42C46AECEE84"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8dd70db4-5845-440d-8b1d-012738abaac2",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}