CVE-2023-5673Unrestricted File Upload in WP Mail LOG

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.4%
top 19.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wpvibes WP Mail LOG
Timeline
PublishedDec 26

Description

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDwpvibes/wp_mail_log< 1.1.3

🔴Vulnerability Details

2
GHSA
GHSA-rxww-qvhg-88h2: The WP Mail Log WordPress plugin before 12023-12-26
CVEList
WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE2023-12-26
CVE-2023-5673 — Unrestricted File Upload in WP Mail LOG | cvebase