cleantalk
Vulnerabilities and Security Researches

Mail logging – WP Mail Catcher, 4c00f17230eed2f29d9bb914fe888facda6f36ce

CVE, Research URL

4c00f17230eed2f29d9bb914fe888facda6f36ce

Home page URL

Security reports for Mail logging – WP Mail Catcher

Application

Mail logging – WP Mail Catcher

Published on
Oct 29, 2023
Research Description
Mail logging &#8211; WP Mail Catcher [wp-mail-catcher] < 2.1.4 Mail logging - WP Mail Catcher <= 2.1.3 - Authenticated (Admin+) SQL Injection The Mail logging – WP Mail Catcher plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.1.4.
Status
vulnerable
Previous vulnerability researches
WPvivid Backup for MainWP (ec00cf2f6a6757dc3371250c1689bf0e482f89f9) , Jun 16, 2026
WPvivid Backup for MainWP (2c3fbbc425bd92d0f969e669e6a4b8564997aa02) , Jun 16, 2026
WPvivid Backup for MainWP (CVE-2024-35664) , Jun 06, 2024
WPvivid Backup for MainWP (CVE-2024-1383) , Jun 06, 2024
New vulnerability
WPBITS Addons For Elementor Page Builder (5d63984f64e2d907fb7992a8ff8ef8781dce2364) , Jun 16, 2026
WPBITS Addons For Elementor Page Builder (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Thumbnail Slider With Lightbox (ae4916949d3e598654d3d97a60cf1cab0860c798) , Jun 16, 2026
Cryptocurrency Payment &amp; Donation Box &#8211; Accept Payments in any Cryptocurrency on your WP Site for Free (b62a26a6-cea0-46a7-b577-ba8d476ec1b5) , Jun 16, 2026
Cryptocurrency Payment &amp; Donation Box &#8211; Accept Payments in any Cryptocurrency on your WP Site for Free (868c06900b6d89c5908955f3ed451402ef57f10e) , Jun 16, 2026