CVE-2023-5672
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
El complemento WP Mail Log WordPress anterior a 1.1.3 no valida correctamente los parámetros de ruta de archivo al adjuntar archivos a correos electrónicos, lo que provoca la inclusión de archivos locales y permite que un atacante filtre el contenido de archivos arbitrarios.
The WP Mail Log plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.1.2 via the includeAttachment parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to include and read arbitrary files on the server.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-10-20 CVE Reserved
- 2023-11-28 CVE Published
- 2024-11-21 CVE Updated
- 2024-11-21 First Exploit
- 2024-11-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749 | 2024-11-21 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpvibes Search vendor "Wpvibes" | Wp Mail Log Search vendor "Wpvibes" for product "Wp Mail Log" | < 1.1.3 Search vendor "Wpvibes" for product "Wp Mail Log" and version " < 1.1.3" | wordpress |
Affected
| ||||||