Lucene search
K

101 matches found

NVD
NVD
added 2023/12/26 7:15 p.m.21 views

CVE-2023-5644

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...

7.6CVSS0.00499EPSS
Exploits2References1
NVD
NVD
added 2023/12/26 7:15 p.m.21 views

CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

6.5CVSS0.00707EPSS
Exploits2References1
Prion
Prion
added 2023/12/26 7:15 p.m.20 views

Code injection

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...

6.5CVSS6.9AI score0.00499EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/12/26 7:15 p.m.18 views

Sql injection

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

6.5CVSS7.8AI score0.10826EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/12/26 7:15 p.m.13 views

Sql injection

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

6.5CVSS7.8AI score0.00721EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/12/26 7:15 p.m.14 views

Design/Logic Flaw

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

4CVSS6.8AI score0.00707EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.26 views

CVE-2023-5672 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

6.5AI score0.00707EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/12/26 6:33 p.m.11 views

CVE-2023-5672 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

6.8AI score0.00707EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.23 views

CVE-2023-5644 WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...

7.6AI score0.00499EPSS
Exploits2References1
CVE
CVE
added 2023/12/26 6:33 p.m.65 views

CVE-2023-5644

The WP Mail Log WordPress plugin (versions before 1.1.3) has an insecure REST API authorization flaw. The vulnerability allows users with the Contributor role to access and delete data that should be Admin-only, due to improper endpoint authorization in the wml/v1 REST API. The impact is exposure...

7.6CVSS7.4AI score0.00499EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.19 views

CVE-2023-5645 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

9.2AI score0.00721EPSS
Exploits2References1
CVE
CVE
added 2023/12/26 6:33 p.m.36 views

CVE-2023-5645

Affected software: WP Mail Log WordPress plugin prior to version 1.1.3. Vulnerability: SQL injection in the wml_logs endpoint caused by improper sanitisation/escaping of a parameter before SQL usage. Impact: high confidentiality, integrity, and availability impacts; exploitability at a low privil...

8.8CVSS9AI score0.00721EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/12/26 6:33 p.m.55 views

CVE-2023-5673

The CVE-2023-5673 entry concerns the WP Mail Log WordPress plugin (versions before 1.1.3). The vulnerability is due to improper validation of file extensions when uploading attachments to emails, enabling PHP file uploads that can lead to remote code execution. Affected component: the upload hand...

8.8CVSS9.2AI score0.01096EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.20 views

CVE-2023-5673 WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...

9.3AI score0.01096EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.27 views

CVE-2023-5674 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

9.2AI score0.10826EPSS
Exploits2References1
CVE
CVE
added 2023/12/26 6:33 p.m.45 views

CVE-2023-5674

The CVE-2023-5674 entry describes a SQL injection in the WP Mail Log WordPress plugin prior to version 1.1.3. The issue arises from improper sanitization/escaping of a parameter used in a SQL statement within the wml_logs/send_mail endpoint, enabling exploitation by users with a low-privilege rol...

8.8CVSS9AI score0.10826EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.6 views

WordPress plugin WP Mail Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.6CVSS6.6AI score0.00499EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.11 views

PT-2023-32254 · WordPress · Wp Mail Log

Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...

8.8CVSS9.1AI score0.01096EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.9 views

PT-2023-32255 · WordPress · Wp Mail Log

Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can...

8.8CVSS8.9AI score0.10826EPSS
Exploits2References7
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.6 views

WordPress plugin WP Mail Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...

6.5CVSS6.4AI score0.00707EPSS
Exploits2References2
Rows per page
Query Builder