cleantalk
Vulnerabilities and Security Researches

Check & Log Email, CVE-2024-0866

CVE, Research URL

CVE-2024-0866

Home page URL

Security reports for Check & Log Email

Application

Check & Log Email

Published on
Mar 26, 2024
Research Description
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.
Affected versions
max 1.0.10.
Status
vulnerable
Previous vulnerability researches
Check & Log Email (CVE-2026-5306) , Apr 29, 2026
Check & Log Email (CVE-2016-10934) , Jun 07, 2024
Check & Log Email (CVE-2022-1547) , Jun 07, 2024
Check & Log Email (CVE-2024-0866) , Jun 07, 2024
Check & Log Email (CVE-2021-24908) , Jun 07, 2024
New vulnerability
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026
Check & Log Email (CVE-2026-5306) , Apr 29, 2026
Complianz – GDPR/CCPA Cookie Consent (CVE-2026-4019) , Apr 29, 2026
Booking Package (CVE-2026-4911) , Apr 29, 2026