WordPress Plugin Vulnerabilities

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

Description

The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections

Proof of Concept

Affects Plugins

Plugin icon
email-artillery
No known fix

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
7a4de4cd-7d42-43f4-baa5-fac1c9457a55

Timeline

Publicly Published
2021-08-16 (about 4 years ago)
Added
2021-08-16 (about 4 years ago)
Last Updated
2021-08-16 (about 4 years ago)

Other

Published
Title
Published
2025-03-24
Title
Blue Captcha < 2.0.0 - Reflected Cross-Site Scripting
Published
2025-01-06
Title
App Embed < 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
Duplicator - installer.cleanup.php package Parameter XSS
Published
2022-05-16
Title
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
Published
2026-01-04
Title
Form to Chat App <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting