exploitDog

GHSA-rxww-qvhg-88h2

Опубликовано: 26 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

Ссылки

EPSS

Процентиль: 80%

0.01385

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2023-5673

CVSS3: 8.8

nvd

около 2 лет назад

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

EPSS

Процентиль: 80%

0.01385

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434