CVE-2021-24959

Published: 2022-03-14T15:15Z

Last Modified: 2024-11-21T05:54Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt