Check And Log Email CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-5306	2 Checkmail, Wordpress	2 Check And Log Email, Wordpress	2026-04-28	N/A
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
CVE-2024-0866	1 Checkmail	1 Check And Log Email	2026-04-15	8.1 High
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.

Page 1 of 1.