CVE-2023-5673

WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE

EPSS 1.1%

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

Productos afectados

Unknown · WP Mail Log

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9