Every CVE whose affected-product data names Wpvibes Wp Mail Log, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-51410 — CVSS 9.9 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.
CVE-2023-5674 — CVSS 8.8 (high): The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading…
CVE-2023-5645 — CVSS 8.8 (high): The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading…
CVE-2023-5673 — CVSS 8.8 (high): The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing…
CVE-2023-5644 — CVSS 7.6 (high): The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role…
CVE-2023-3088 — CVSS 7.2 (high): The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including…
CVE-2023-5672 — CVSS 6.5 (medium): The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to…