WordPress WP Mail Logging plugin <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field vulnerability

Unauthenticated PHP Object Injection via Email Log Message Field vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Mail Logging versions = 1.15.0...

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2026-2471

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

WordPress plugin WP Mail Logging 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2023-55577

Malicious code in bioql PyPI...

CVE-2023-3081

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

WordPress Plugin Mail logging 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

Mail logging - WP Mail Catcher < 2.1.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-50844

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3...

CVE-2023-50844

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3...

CVE-2023-50844

CVE-2023-50844 is a SQL Injection flaw in the WordPress plugin “Mail logging – WP Mail Catcher,” caused by improper neutralization of input in an SQL command. Affected versions are listed as from n/a through 2.1.3. The vulnerability has been patched; users should update to a fixed release. The ba...

WordPress Plugin Mail logging SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVE-2023-3081

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2023-3081 WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2023-3081

The CVE-2023-3081 entry covers the WP Mail Logging WordPress plugin, which is vulnerable to Stored Cross-Site Scripting via email contents in versions up to and including 1.11.1. The root cause is insufficient input sanitization and output escaping in the email-logging display path, enabling an u...

WordPress Plugin WP Mail Logging 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2023-22989 · WordPress · Wp Mail Logging

Name of the Vulnerable Software and Affected Versions: WP Mail Logging plugin for WordPress versions up to and including 1.11.1 Description: The issue is related to Stored Cross-Site Scripting via email contents due to insufficient input sanitization and output escaping. This allows unauthenticat...

WordPress WP Mail Logging Plugin < 1.12.0 is vulnerable to Broken Access Control

Software WP Mail Logging Type Plugin Vulnerable versions 1.12.0 Fixed in 1.12.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID edb33842ede2 Credits Unknown Required privilege...

WordPress WP Mail Logging Plugin <= 1.11.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Logging Type Plugin Vulnerable versions = 1.11.0 Fixed in 1.11.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3081 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2d3c8be0ad25 Credits Alex Thomas Required...