Wp Mail Log
Approved changes feed: RSS · Atom
cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wpvibes (3c435778-e606-57ed-9002-9f08b3a33462) |
|---|---|
| Product | Wp Mail Log (b59610f1-f87f-5b61-94ba-f4436d2c1604) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/dnaber-de/wp-mail-log |
purl2cpe | 2026-06-01 10:17:58.530625 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-5674 |
vulnerable | 2026-06-08 06:19:44.422903 |
WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Published: 2023-12-26T18:33:03.106Z
Updated: 2024-08-02T08:07:32.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5673 |
vulnerable | 2026-06-08 06:19:44.422508 |
WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
Published: 2023-12-26T18:33:03.911Z
Updated: 2024-08-02T08:07:32.474Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5672 |
vulnerable | 2026-06-08 06:19:44.422212 |
WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Published: 2023-12-26T18:33:09.420Z
Updated: 2024-11-21T19:24:00.859Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5645 |
vulnerable | 2026-06-08 06:19:44.347713 |
WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Published: 2023-12-26T18:33:05.509Z
Updated: 2024-08-02T08:07:32.639Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5644 |
vulnerable | 2026-06-08 06:19:44.347337 |
WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.
Published: 2023-12-26T18:33:08.615Z
Updated: 2024-09-25T20:22:12.674Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51410 |
vulnerable | 2026-06-08 06:16:17.471673 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3088 |
vulnerable | 2026-06-08 06:09:38.465518 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45807 |
vulnerable | 2026-06-08 05:50:37.241342 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.