CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2023-3081

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2023-3081

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2023-3081 WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2023-3081

The CVE-2023-3081 entry covers the WP Mail Logging WordPress plugin, which is vulnerable to Stored Cross-Site Scripting via email contents in versions up to and including 1.11.1. The root cause is insufficient input sanitization and output escaping in the email-logging display path, enabling an u...

PT-2023-22989 · WordPress · Wp Mail Logging

Name of the Vulnerable Software and Affected Versions: WP Mail Logging plugin for WordPress versions up to and including 1.11.1 Description: The issue is related to Stored Cross-Site Scripting via email contents due to insufficient input sanitization and output escaping. This allows unauthenticat...

WP Mail Logging < 1.10.0 - Outdated Redux Framework

The plugin uses an outdated version of the Redux Framework, which is know to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314 PoC The first endpoint we can identify is...

WordPress WP Mail Logging plugin <=1.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by Yehuda in WordPress WP Mail Logging plugin versions =1.8.2. Solution Update the WordPress WP Mail Logging plugin to the latest available version at least version 1.8.3...