Stored Cross-Site Scripting Vulnerability in WP Mail Log Plugin for WordPress
CVE-2023-3088

6.1MEDIUM

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
12 July 2023

Summary

The WP Mail Log plugin for WordPress is subject to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in email contents. This flaw grants unauthenticated attackers the opportunity to embed malicious web scripts into the plugin, which can then be executed when a user accesses affected pages. Such an exploitation could lead to significant security breaches, compromising user data and site integrity.

Affected Version(s)

WP Mail Log * <= 1.1.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Thomas
.