Lucene search
China National Vulnerability DatabaseCNVD-2022-55698HistoryJun 15, 2022 - 12:00 a.m.
WordPress Log WP_Mail plugin information leakage vulnerability
2022-06-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
wordpress
php
mysql
information disclosure
predictable filenames
sensitive information
EPSS
0.002
Percentile
58.9%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Log WP_Mail plugin version 0.1 and prior versions are vulnerable to information disclosure. The vulnerability stems from the use of predictable filenames to save sent emails in publicly accessible directories, which can be exploited by an attacker to allow any unauthenticated visitor to access potentially sensitive information such as generated passwords.
Related
cve
cve
CVE-2022-1412
2022-06-13 13:15:10
patchstack
patchstack
WordPress Log WP_Mail plugin <= 0.1 - Sensitive Data Exposure vulnerability
2022-05-18 00:00:00
prion
prion
Information disclosure
2022-06-13 13:15:00
wpexploit
wpexploit
Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
2022-05-18 00:00:00
wpvulndb
wpvulndb
Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
2022-05-18 00:00:00
cvelist
cvelist
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
2022-06-13 12:41:48
nvd
nvd
CVE-2022-1412
2022-06-13 13:15:10