CVE-2023-5672

Severity
6.5 MEDIUM
EPSS
0.3%
top 45.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 26
Latest update Dec 24

Description

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages

2 packages
CVEListV5 unknown/wp_mail_log < 1.1.3
NVD wpvibes/wp_mail_log < 1.1.3

🔴 Vulnerability Details

3
OSV
vmci_host: fix a race condition in vmci_host_poll() causing GPF 2025-12-24
GHSA
GHSA-pq3w-qg2x-wx83: The WP Mail Log WordPress plugin before 1 2023-12-26
CVEList
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint 2023-12-26

💥 Exploits & PoCs

1
Exploit-DB
PandoraFMS 7.0NG.772 - SQL Injection 2025-04-10

📋 Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-05-09

📄 Research Papers

1
CTF
FesseMisk / README 2024