PT-2024-15876 · WordPress · Email Log

Sean Murphy · Published 2024-05-24 · Updated 2024-05-24 · CVE-2024-0867

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Email Log plugin for WordPress versions up to, and including, 2.4.8

Description

The issue allows unauthenticated attackers to execute actions attached to WordPress hooks under certain circumstances. Exploitation is possible when the action the attacker wishes to execute has a nonce check and the attacker knows the nonce. The action must also lack a capability check. The check nonce function is involved in this issue.

Recommendations

For versions up to, and including, 2.4.8, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
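
A review heuristic for the condition the description names (a nonce check with no capability check), as an added example that is not code from the Email Log plugin or from this advisory: it flags PHP functions that verify a nonce but never call `current_user_can()`. The sample source and every `demo_*` name are constructed for illustration.

```python
import re

# WordPress core nonce-verification functions and the core capability check.
NONCE_CALLS = ("check_admin_referer", "check_ajax_referer", "wp_verify_nonce")
CAP_CALL = "current_user_can"
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")

def calls(body, name):
    """True if the PHP text contains a call to the named function."""
    return re.search(r"\b%s\s*\(" % re.escape(name), body) is not None

def function_bodies(php_source):
    """Yield (name, body) per named function via brace matching.
    Heuristic: braces inside strings or comments are not handled."""
    for m in FUNC_RE.finditer(php_source):
        depth, i = 1, m.end()
        while i < len(php_source) and depth:
            depth += (php_source[i] == "{") - (php_source[i] == "}")
            i += 1
        yield m.group(1), php_source[m.end():i - 1]

def nonce_only_handlers(php_source):
    """Names of functions that verify a nonce but never check a capability."""
    return [name for name, body in function_bodies(php_source)
            if any(calls(body, n) for n in NONCE_CALLS)
            and not calls(body, CAP_CALL)]

# Constructed sample input, not taken from any real plugin.
SAMPLE = r"""<?php
add_action( 'init', 'demo_purge_logs' );
function demo_purge_logs() {
    if ( isset( $_POST['demo_purge'] ) ) {
        check_admin_referer( 'demo_purge_nonce' );  // nonce only
        demo_delete_all_rows();
    }
}
add_action( 'admin_post_demo_purge', 'demo_purge_logs_checked' );
function demo_purge_logs_checked() {
    if ( ! current_user_can( 'manage_options' ) ) {  // authorization first
        wp_die( 'Forbidden' );
    }
    check_admin_referer( 'demo_purge_nonce' );
    demo_delete_all_rows();
}
"""

if __name__ == "__main__":
    print(nonce_only_handlers(SAMPLE))
```

A hit is a lead for manual review, not a finding: the capability check may live in a caller, and a function with neither check is outside what this heuristic looks for.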

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-0867

Affected Products

Email Log