Lucene search
HistoryDec 26, 2023 - 7:15 p.m.
CVE-2023-5674
wp mail log
wordpress
plugin
sql injection
cve-2023-5674
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.0%
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Affected configurations
Node
premierethemeslog_wp_mailRange<1.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| premierethemes | log_wp_mail | * | cpe:2.3:a:premierethemes:log_wp_mail:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Mail Log",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.1.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
nvd
nvd
CVE-2023-5674
2023-12-26 19:15:08
prion
prion
Sql injection
2023-12-26 19:15:00
cvelist
cvelist
wpvulndb
wpvulndb
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.0%
Related for CVE-2023-5674