Lucene search
K
WpvibesWp Mail Log

8 matches found

cve
cve
added 2023/12/26 6:33 p.m.65 views

CVE-2023-5644

The WP Mail Log WordPress plugin (versions before 1.1.3) has an insecure REST API authorization flaw. The vulnerability allows users with the Contributor role to access and delete data that should be Admin-only, due to improper endpoint authorization in the wml/v1 REST API. The impact is exposure...

7.6CVSS7.4AI score0.00499EPSS
Web
cve
cve
added 2023/12/29 1:53 p.m.57 views

CVE-2023-51410

CVE-2023-51410 targets the WP Mail Log plugin (WPVibes) for WordPress, described as an Unrestricted/Restricted Upload of a file with a dangerous type vulnerability. Public details show the issue affects WP Mail Log versions up through 1.1.2 and is associated with an authenticated (Contributor+) A...

9.9CVSS8.5AI score0.00606EPSS
cve
cve
added 2023/12/26 6:33 p.m.55 views

CVE-2023-5673

The CVE-2023-5673 entry concerns the WP Mail Log WordPress plugin (versions before 1.1.3). The vulnerability is due to improper validation of file extensions when uploading attachments to emails, enabling PHP file uploads that can lead to remote code execution. Affected component: the upload hand...

8.8CVSS9.2AI score0.01096EPSS
Web
cve
cve
added 2023/02/02 4:12 p.m.49 views

CVE-2022-45807

CVE-2022-45807 is a CSRF vulnerability in the WPVibes WP Mail Log plugin, affecting versions <= 1.0.1. The NVD entry reports a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, requiring user interaction and no privileges, and impact to confidentiality, integrity, and availability...

8.8CVSS8.1AI score0.00264EPSS
cve
cve
added 2023/12/26 6:33 p.m.45 views

CVE-2023-5674

The CVE-2023-5674 entry describes a SQL injection in the WP Mail Log WordPress plugin prior to version 1.1.3. The issue arises from improper sanitization/escaping of a parameter used in a SQL statement within the wml_logs/send_mail endpoint, enabling exploitation by users with a low-privilege rol...

8.8CVSS9AI score0.10826EPSS
Web
cve
cve
added 2023/07/12 4:38 a.m.44 views

CVE-2023-3088

CVE-2023-3088 affects the WordPress plugin WP Mail Log (plugin for WP mail logging). The vulnerability is a Stored Cross-Site Scripting (XSS) via email contents in versions up to and including 1.1.1 , caused by insufficient input sanitization and output escaping . Attackers can be unauthenticated...

7.2CVSS5.9AI score0.00458EPSS
cve
cve
added 2023/12/26 6:33 p.m.39 views

CVE-2023-5672

CVE-2023-5672 affects the WordPress plugin WP Mail Log prior to version 1.1.3. The vulnerability arises from improper validation of file path parameters when attaching files to emails, located in the wml_logs/send_mail endpoint, which enables a local file inclusion (LFI) condition and may allow a...

6.5CVSS6.3AI score0.00707EPSS
Web
cve
cve
added 2023/12/26 6:33 p.m.36 views

CVE-2023-5645

Affected software: WP Mail Log WordPress plugin prior to version 1.1.3. Vulnerability: SQL injection in the wml_logs endpoint caused by improper sanitisation/escaping of a parameter before SQL usage. Impact: high confidentiality, integrity, and availability impacts; exploitability at a low privil...

8.8CVSS9AI score0.00721EPSS
Web