101 matches found
CVE-2023-5644
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...
CVE-2023-5672
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...
Code injection
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...
Sql injection
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...
Sql injection
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...
Design/Logic Flaw
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...
CVE-2023-5672 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...
CVE-2023-5672 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...
CVE-2023-5644 WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...
CVE-2023-5644
The WP Mail Log WordPress plugin (versions before 1.1.3) has an insecure REST API authorization flaw. The vulnerability allows users with the Contributor role to access and delete data that should be Admin-only, due to improper endpoint authorization in the wml/v1 REST API. The impact is exposure...
CVE-2023-5645 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...
CVE-2023-5645
Affected software: WP Mail Log WordPress plugin prior to version 1.1.3. Vulnerability: SQL injection in the wml_logs endpoint caused by improper sanitisation/escaping of a parameter before SQL usage. Impact: high confidentiality, integrity, and availability impacts; exploitability at a low privil...
CVE-2023-5673
The CVE-2023-5673 entry concerns the WP Mail Log WordPress plugin (versions before 1.1.3). The vulnerability is due to improper validation of file extensions when uploading attachments to emails, enabling PHP file uploads that can lead to remote code execution. Affected component: the upload hand...
CVE-2023-5673 WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...
CVE-2023-5674 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...
CVE-2023-5674
The CVE-2023-5674 entry describes a SQL injection in the WP Mail Log WordPress plugin prior to version 1.1.3. The issue arises from improper sanitization/escaping of a parameter used in a SQL statement within the wml_logs/send_mail endpoint, enabling exploitation by users with a low-privilege rol...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-32254 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...
PT-2023-32255 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...