8 matches found
CVE-2023-5644
The WP Mail Log WordPress plugin (versions before 1.1.3) has an insecure REST API authorization flaw. The vulnerability allows users with the Contributor role to access and delete data that should be Admin-only, due to improper endpoint authorization in the wml/v1 REST API. The impact is exposure...
CVE-2023-51410
CVE-2023-51410 targets the WP Mail Log plugin (WPVibes) for WordPress, described as an Unrestricted/Restricted Upload of a file with a dangerous type vulnerability. Public details show the issue affects WP Mail Log versions up through 1.1.2 and is associated with an authenticated (Contributor+) A...
CVE-2023-5673
The CVE-2023-5673 entry concerns the WP Mail Log WordPress plugin (versions before 1.1.3). The vulnerability is due to improper validation of file extensions when uploading attachments to emails, enabling PHP file uploads that can lead to remote code execution. Affected component: the upload hand...
CVE-2022-45807
CVE-2022-45807 is a CSRF vulnerability in the WPVibes WP Mail Log plugin, affecting versions <= 1.0.1. The NVD entry reports a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, requiring user interaction and no privileges, and impact to confidentiality, integrity, and availability...
CVE-2023-5674
The CVE-2023-5674 entry describes a SQL injection in the WP Mail Log WordPress plugin prior to version 1.1.3. The issue arises from improper sanitization/escaping of a parameter used in a SQL statement within the wml_logs/send_mail endpoint, enabling exploitation by users with a low-privilege rol...
CVE-2023-3088
CVE-2023-3088 affects the WordPress plugin WP Mail Log (plugin for WP mail logging). The vulnerability is a Stored Cross-Site Scripting (XSS) via email contents in versions up to and including 1.1.1 , caused by insufficient input sanitization and output escaping . Attackers can be unauthenticated...
CVE-2023-5672
CVE-2023-5672 affects the WordPress plugin WP Mail Log prior to version 1.1.3. The vulnerability arises from improper validation of file path parameters when attaching files to emails, located in the wml_logs/send_mail endpoint, which enables a local file inclusion (LFI) condition and may allow a...
CVE-2023-5645
Affected software: WP Mail Log WordPress plugin prior to version 1.1.3. Vulnerability: SQL injection in the wml_logs endpoint caused by improper sanitisation/escaping of a parameter before SQL usage. Impact: high confidentiality, integrity, and availability impacts; exploitability at a low privil...