cleantalk
Vulnerabilities and Security Researches

WP Mail Logging, CVE-2023-3081

CVE, Research URL

CVE-2023-3081

Home page URL

Security reports for WP Mail Logging

Application

WP Mail Logging

Published on
Jul 12, 2023
Research Description
The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: An incomplete fix was released in 1.11.1.
Affected versions
Min -, max 1.12.0.
Status
vulnerable
Previous vulnerability researches
WP Mail Logging (CVE-2021-38314) , Jun 07, 2024
WP Mail Logging (CVE-2023-3081) , Jun 07, 2024
New vulnerability
OSM Map Widget for Elementor (CVE-2025-8619) , Aug 30, 2025
Simple Page Access Restriction (CVE-2025-58202) , Aug 30, 2025
Chartbeat (CVE-2025-53250) , Aug 30, 2025
Table Editor (CVE-2025-48310) , Aug 30, 2025
WP Thumbtack Review Slider (CVE-2025-58216) , Aug 30, 2025