CVE-2023-5673
HIGHWpvibes WP Mail Log < 1.1.3 - Unrestricted File Upload
Title source: ruleDescription
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9
Scores
CVSS v3
8.8
EPSS
0.0138
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
wpvibes/wp_mail_log
< 1.1.3
Published
Dec 26, 2023
Tracked Since
Feb 18, 2026