3 matches found
CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...
CVE-2025-6993
CVE-2025-6993 affects the Ultimate WP Mail plugin for WordPress (versions 1.0.17–1.3.6). The vulnerability arises from improper authorization in the get_email_log_details AJAX handler, which reads client-supplied post_id and returns the corresponding email log content (including the admin passwor...
WordPress Ultimate WP Mail plugin 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function vulnerability
WordPress Ultimate WP Mail plugin 1.0.17 - 1.3.6 - Missing Authorization to Authenticated Contributor+ Privilege Escalation via getemaillogdetails Function vulnerability discovered by kr0d in WordPress Plugin Ultimate WP Mail versions 1.0.17 - 1.3.6...