CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:42

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 - Exploit, Third Party Advisory

04 Jan 2024, 17:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 - () https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 - Exploit, Third Party Advisory
CWE CWE-22
CPE cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*

26 Dec 2023, 20:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 19:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-5672

Mitre link : CVE-2023-5672

CVE.ORG link : CVE-2023-5672


JSON object : View

Products Affected

wpvibes

  • wp_mail_log
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')