PT-2022-13868 · WordPress · Wp Mail Log
Daniel Ruf · Published 2022-06-13 · Updated 2023-08-02 · CVE-2022-1412
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Log WP Mail WordPress plugin versions 0.1 and earlier
Description
The issue allows any unauthenticated visitor to obtain potentially sensitive information, such as generated passwords, because sent emails are saved in a publicly accessible directory using predictable filenames.
Recommendations
For Log WP Mail WordPress plugin version 0.1 and earlier, consider updating to a version where this issue is resolved or, as a temporary workaround, restrict access to the publicly accessible directory where sent emails are stored.
Exploit
Fix
Incorrect Permission
Affected Products
Wp Mail Log