CVE-2023-5672

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 26, 2023
Updated: Jan 4, 2024
CWE ID 22

Summary

CVE-2023-5672 is a vulnerability affecting the WP Mail Log WordPress plugin before version 1.1.3. This issue stems from insufficient validation of file path parameters during email attachment processing. An attacker can exploit this flaw to perform local file inclusion and leak the contents of arbitrary files, potentially leading to significant data exposure. Users are advised to update to the latest plugin version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share