CVE-2022-1412

Summary

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords.

Affected Software

VendorProductVersion RangeStatus
UnknownLog WP_Mail0 <= 0.1affected

Weaknesses

  • CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References