Vulnerability Details CVE-2023-5673
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 61.3%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-5673
-
cpe:2.3:a:wpvibes:wp_mail_log:-
-
cpe:2.3:a:wpvibes:wp_mail_log:0.3
-
cpe:2.3:a:wpvibes:wp_mail_log:0.4
-
cpe:2.3:a:wpvibes:wp_mail_log:0.5
-
cpe:2.3:a:wpvibes:wp_mail_log:1.0
-
cpe:2.3:a:wpvibes:wp_mail_log:1.0.1
-
cpe:2.3:a:wpvibes:wp_mail_log:1.0.2
-
cpe:2.3:a:wpvibes:wp_mail_log:1.1
-
cpe:2.3:a:wpvibes:wp_mail_log:1.1.1
-
cpe:2.3:a:wpvibes:wp_mail_log:1.1.2