Lucene search
HistoryDec 26, 2023 - 7:15 p.m.
CVE-2023-5672
wordpress
plugin
security
cve-2023-5672
nvd
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
18.4%
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Affected configurations
Node
premierethemeslog_wp_mailRange<1.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| premierethemes | log_wp_mail | * | cpe:2.3:a:premierethemes:log_wp_mail:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Mail Log",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.1.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Design/Logic Flaw
2023-12-26 19:15:00
wpvulndb
wpvulndb
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
2023-11-28 00:00:00
nvd
nvd
CVE-2023-5672
2023-12-26 19:15:07
cvelist
cvelist
wpexploit
wpexploit
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
2023-11-28 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
18.4%
Related for CVE-2023-5672