Unrated severityNVD Advisory· Published Dec 26, 2023· Updated Aug 2, 2024
WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint
CVE-2023-5674
Description
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Mail Log WordPress plugindescription
- Range: <1.1.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.