Описание
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.3 (исключая)
cpe:2.3:a:wpvibes:wp_mail_log:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 80%
0.01385
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
около 2 лет назад
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.
EPSS
Процентиль: 80%
0.01385
Низкий
8.8 High
CVSS3
Дефекты
CWE-434