CVE-2023-5672
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
26 Dec 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Affected products
Unknown · WP Mail Log