CVE-2023-5673
HIGHWP Mail Log < 1.1.3 - Unrestricted PHP File Upload and Remote Code Execution
Title source: llmDescription
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9
Scores
CVSS v3
8.8
EPSS
0.0110
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
wpvibes/wp_mail_log
< 1.1.3
Published
Dec 26, 2023
Tracked Since
Feb 18, 2026