Lucene search

[email protected]CVE-2022-1412

HistoryJun 13, 2022 - 1:15 p.m.

CVE-2022-1412

2022-06-1313:15:10

CWE-732

[email protected]

web.nvd.nist.gov

cve-2022-1412

log wp_mail

wordpress plugin

email security

predictable filenames

sensitive information

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords.

Affected configurations

Vulners

NVD

Node

premierethemeslog_wp_mailRange≤0.1

VendorProductVersionCPE
premierethemeslog_wp_mail*cpe:2.3:a:premierethemes:log_wp_mail:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
premierethemes	log_wp_mail	*	cpe:2.3:a:premierethemes:log_wp_mail::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Log WP_Mail",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "0.1"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]