Vulnerabilities > CVE-2023-5644 - Incorrect Authorization vulnerability in Wpvibes WP Mail LOG

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

LOW

network

low complexity

wpvibes

CWE-863

NVD

Published: 2023-12-26

Updated: 2024-09-25

Summary

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.

Vulnerable Configurations

Part	Description	Count
Application	Wpvibes Wpvibes WP Mail LOG - Wpvibes WP Mail LOG 0.3 Wpvibes WP Mail LOG 0.4 Wpvibes WP Mail LOG 0.5 Wpvibes WP Mail LOG 1.0 Wpvibes WP Mail LOG 1.0.1 Wpvibes WP Mail LOG 1.0.2 Wpvibes WP Mail LOG 1.1 Wpvibes WP Mail LOG 1.1.1 Wpvibes WP Mail LOG 1.1.2	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e