← back
CVE-2023-5672

WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

EPSS 0.7%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Dec 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Affected products
Unknown · WP Mail Log