Approved changes feed: RSS · Atom

cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorWpvibes (3c435778-e606-57ed-9002-9f08b3a33462)
ProductWp Mail Log (b59610f1-f87f-5b61-94ba-f4436d2c1604)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/dnaber-de/wp-mail-log purl2cpe 2026-06-01 10:17:58.530625

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-5674 vulnerable 2026-06-08 06:19:44.422903 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Published: 2023-12-26T18:33:03.106Z
Updated: 2024-08-02T08:07:32.552Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5673 vulnerable 2026-06-08 06:19:44.422508 WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
Published: 2023-12-26T18:33:03.911Z
Updated: 2024-08-02T08:07:32.474Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5672 vulnerable 2026-06-08 06:19:44.422212 WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.
Published: 2023-12-26T18:33:09.420Z
Updated: 2024-11-21T19:24:00.859Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5645 vulnerable 2026-06-08 06:19:44.347713 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Published: 2023-12-26T18:33:05.509Z
Updated: 2024-08-02T08:07:32.639Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5644 vulnerable 2026-06-08 06:19:44.347337 WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.
Published: 2023-12-26T18:33:08.615Z
Updated: 2024-09-25T20:22:12.674Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51410 vulnerable 2026-06-08 06:16:17.471673 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3088 vulnerable 2026-06-08 06:09:38.465518 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-45807 vulnerable 2026-06-08 05:50:37.241342 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.