CVE-2023-5673

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:42

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 - Exploit, Third Party Advisory

04 Jan 2024, 17:09

Type Values Removed Values Added
CWE CWE-434
CPE cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 - () https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 - Exploit, Third Party Advisory

26 Dec 2023, 20:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 19:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-5673

Mitre link : CVE-2023-5673

CVE.ORG link : CVE-2023-5673


JSON object : View

Products Affected

wpvibes

  • wp_mail_log
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type