Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2025/07/16 9:22 a.m.4 views

CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...

7.5CVSS6.2AI score0.00441EPSS
Exploits0References4
CVE
CVE
added 2025/07/16 9:22 a.m.34 views

CVE-2025-6993

CVE-2025-6993 affects the Ultimate WP Mail plugin for WordPress (versions 1.0.17–1.3.6). The vulnerability arises from improper authorization in the get_email_log_details AJAX handler, which reads client-supplied post_id and returns the corresponding email log content (including the admin passwor...

8.8CVSS6.3AI score0.00441EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2025/07/16 4:12 a.m.6 views

WordPress Ultimate WP Mail plugin 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function vulnerability

WordPress Ultimate WP Mail plugin 1.0.17 - 1.3.6 - Missing Authorization to Authenticated Contributor+ Privilege Escalation via getemaillogdetails Function vulnerability discovered by kr0d in WordPress Plugin Ultimate WP Mail versions 1.0.17 - 1.3.6...

8.8CVSS6.8AI score0.00441EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder