CVE-2023-5672
published 2023-12-26

Priority: P339 | medium | 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.71% (48.8th percentile)
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 3.9.0 < 4.19.283 | 4.19.283 |
| linux | linux_kernel | >= 4.20.0 < 5.4.243 | 5.4.243 |
| linux | linux_kernel | >= 5.11.0 < 5.15.111 | 5.15.111 |
| linux | linux_kernel | >= 5.16.0 < 6.1.28 | 6.1.28 |
| linux | linux_kernel | >= 5.5.0 < 5.10.180 | 5.10.180 |
| linux | linux_kernel | >= 6.2.0 < 6.2.15 | 6.2.15 |
| linux | linux_kernel | >= 6.3.0 < 6.3.2 | 6.3.2 |
| msrc | microsoft_edge | | |
| wpvibes | wp_mail_log | < 1.1.3 | 1.1.3 |

CVSS provenance

nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc | 4.7 | MEDIUM
vendor_redhat | 4.7 | LOW