VYPR
Unrated severityNVD Advisory· Published Dec 26, 2023· Updated Aug 2, 2024

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint

CVE-2023-5645

Description

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/WP Mail Log WordPress plugindescription
  • Range: <1.1.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.