CVE-2023-5644

high

Description

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.

References

https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e

Details

Source: Mitre, NVD

Published: 2023-12-26

Updated: 2024-09-25

Risk Information

CVSS v2

Base Score: 8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L