CVSS 3.1 Score 8.1 of 10 (high)


Published Mar 26, 2024


CVE-2024-0866 is a vulnerability affecting the Check & Log Email plugin for WordPress, specifically versions up to and including 1.0.9. The vulnerability allows unauthenticated attackers to execute actions with hooks in WordPress if certain conditions are met, such as knowing the nonce and the absence of a capability check. This vulnerability poses a high risk to organizations as it can lead to unauthorized actions being performed on their WordPress sites. To remediate this vulnerability, users should update to a patched version of the plugin when available or disable the plugin until a fix is provided.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0866 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options