WordPress Plugin Vulnerabilities

Email Before Download < 3.4.1 - SQL Injection

Description

Email Before Download (https://wordpress.org/plugins/email-before-download/) before version 3.4.1 was vulnerable to several SQL injections.

Affects Plugins

Plugin icon
email-before-download
Fixed in 3.4.1

References

URL
https://plugins.trac.wordpress.org/changeset/1208641
URL
https://plugins.trac.wordpress.org/browser/email-before-download/tags/3.4.1/readme.txt?rev=2297345#L112

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Clément Notin
Submitter website
https://clement.notin.org
Submitter twitter
cnotin
Verified
No
WPVDB ID
4e6a862b-18d2-4560-9acf-9179a3f4995d

Timeline

Publicly Published
2015-07-28 (about 10 years ago)
Added
2020-05-04 (about 6 years ago)
Last Updated
2020-05-11 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP Photo Album Plus < 4.2.0 - SQL Injection
Published
2023-01-17
Title
MainWP Google Analytics Extension < 4.0.5 - Subscriber+ SQLi
Published
2014-08-01
Title
UPM-POLLS 1.0.4 - BLIND SQL injection
Published
2014-08-01
Title
Photoracer <= 1.0 - SQL Injection
Published
2024-06-06
Title
Visualizer < 3.11.2 - Authenticated (Subscriber+) SQL Injection