Which Check & Log Email – Easy Email Testing & Mail logging CVEs are tracked?

Check & Log Email – Easy Email Testing & Mail logging tracked CVEs include CVE-2024-0866, CVE-2026-5306, CVE-2021-24774, CVE-2022-1547, and CVE-2021-24908.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 6 known issues Latest disclosed Apr 28, 2026

Check & Log Email – Easy Email Testing & Mail logging Vulnerabilities

Q: How many Check & Log Email – Easy Email Testing & Mail logging vulnerabilities have patch guidance?

6 of 6 tracked Check & Log Email – Easy Email Testing & Mail logging records include a published patch path.

Review known vulnerability records for the WordPress plugin Check & Log Email – Easy Email Testing & Mail logging (`check-email`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-5306, CVE-2024-0866 and CVE-2022-1547, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Apr 30, 2026

Priority CVE Quick Links

Fast paths into Check & Log Email – Easy Email Testing & Mail logging CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-0866 High 1.0.10

CVE-2024-0866 Check & Log Email – Easy Email Testing & Mail logging Vulnerability

Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

CVE-2026-5306 High 2.0.13

CVE-2026-5306 Check & Log Email – Easy Email Testing & Mail logging Stored Cross-Site Scripting

Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting

CVE-2021-24774 High 1.0.3

CVE-2021-24774 Check & Log Email – Easy Email Testing & Mail logging SQL Injection

Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters

CVE-2022-1547 Medium 1.0.6

CVE-2022-1547 Check & Log Email – Easy Email Testing & Mail logging Cross-Site Scripting

Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting

CVE-2021-24908 Medium 1.0.4

CVE-2021-24908 Check & Log Email – Easy Email Testing & Mail logging Cross-Site Scripting

Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting

CVE-2016-10934 Medium 0.5.2

CVE-2016-10934 Check & Log Email – Easy Email Testing & Mail logging Cross-Site Scripting

Check & Log Email <= 0.5.1 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Check & Log Email – Easy Email Testing & Mail logging so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

6 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 3 high severity findings.

Recent CVEs

CVE-2026-5306, CVE-2024-0866 and CVE-2022-1547

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-5306 High Patch path listed

CVE-2026-5306: Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting

The Check & Log Email – Easy Email Testing & Mail logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 2.0.13 due to insufficient input sanitization an...

Published

Apr 28, 2026

Patch Status

2.0.13

Open CVE-2026-5306 Report

CVE-2024-0866 High Patch path listed

CVE-2024-0866: Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible fo...

Published

Mar 25, 2024

Patch Status

1.0.10

Open CVE-2024-0866 Report

CVE-2022-1547 Medium Patch path listed

CVE-2022-1547: Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scr...

Published

May 02, 2022

Patch Status

1.0.6

Open CVE-2022-1547 Report

Known Vulnerabilities

Reports for Check & Log Email – Easy Email Testing & Mail logging

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-5306

CVE-2026-5306: Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting

The Check & Log Email – Easy Email Testing & Mail logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 2.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

Published

Apr 28, 2026

Patched Release

2.0.13

Affected Versions

Versions before 2.0.13

Next Step

Update to 2.0.13 or newer if supported.

Open CVE-2026-5306 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-0866

CVE-2024-0866: Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circu...

Published

Mar 25, 2024

Patched Release

1.0.10

Affected Versions

Versions up to 1.0.9

Next Step

Update to 1.0.10 or newer if supported.

Open CVE-2024-0866 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-1547

CVE-2022-1547: Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Published

May 02, 2022

Patched Release

1.0.6

Affected Versions

Versions up to 1.0.5

Next Step

Update to 1.0.6 or newer if supported.

Open CVE-2022-1547 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-24908

CVE-2021-24908: Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Published

Nov 01, 2021

Patched Release

1.0.4

Affected Versions

Versions before 1.0.4

Next Step

Update to 1.0.4 or newer if supported.

Open CVE-2021-24908 Report Open CVE Reference

Plugin High Patched: Yes CVE-2021-24774

CVE-2021-24774: Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

Published

Sep 27, 2021

Patched Release

1.0.3

Affected Versions

Versions up to 1.0.2

Next Step

Update to 1.0.3 or newer if supported.

Open CVE-2021-24774 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-10934

CVE-2016-10934: Check & Log Email <= 0.5.1 - Reflected Cross-Site Scripting

The check-email plugin before 0.5.2 for WordPress has XSS via several vulnerable parameters in the check-email/check-email.php file.

Published

Nov 12, 2016

Patched Release

0.5.2

Affected Versions

Versions before 0.5.2

Next Step

Update to 0.5.2 or newer if supported.

Open CVE-2016-10934 Report Open CVE Reference