Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-5672
HistoryDec 26, 2023 - 6:33 p.m.

CVE-2023-5672 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

2023-12-2618:33:09
WPScan
www.cve.org
1
cve-2023-5672
wp mail log
lfi
wordpress plugin
file inclusion
security issue

EPSS

0.001

Percentile

18.3%

JSON

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Mail Log",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.1.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
wpvulndb 1
prion 1
nvd 1
wpexploit 1
cve
cve
CVE-2023-5672
2023-12-26 19:15:07
wpvulndb
wpvulndb
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
2023-11-28 00:00:00
prion
prion
Design/Logic Flaw
2023-12-26 19:15:00
nvd
nvd
CVE-2023-5672
2023-12-26 19:15:07
wpexploit
wpexploit
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
2023-11-28 00:00:00

EPSS

0.001

Percentile

18.3%

JSON
Related for CVELIST:CVE-2023-5672
cve1wpvulndb1prion1nvd1wpexploit1