CVE-2023-51410

9.9 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the WP Mail Log plugin. Attackers can upload malicious files like PHP shells to achieve remote code execution. All WordPress sites using WP Mail Log version 1.1.2 or earlier are affected.

💻 Affected Systems

Products:
  • WPVibes WP Mail Log WordPress Plugin
Versions: All versions up to and including 1.1.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin version installed and activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.

🟠 Likely Case

Attackers upload web shells to gain persistent access, install malware, or pivot to internal networks.

🟢 If Mitigated

File uploads blocked or restricted to safe types, preventing malicious file execution.

🌐 Internet-Facing: HIGH - WordPress sites are internet-facing by default, making them directly accessible to attackers.
🏢 Internal Only: LOW - This primarily affects internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and uses simple HTTP requests to upload malicious files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.3

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-1-2-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Mail Log and click 'Update Now'.
4. Verify the version is 1.1.3 or later.

🔧 Temporary Workarounds

Disable WP Mail Log Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate wp-mail-log

Restrict File Uploads via Web Server

Platform: linux

Configure the web server so that PHP files under the WordPress uploads directory are never executed or served; an uploaded shell then cannot be run even if the upload itself succeeds. The snippet below is for Apache and only takes effect where AllowOverride permits .htaccess; nginx needs an equivalent location rule.

# Add to .htaccess in wp-content/uploads (Apache 2.4 syntax; on 2.2 use "deny from all")
<Files "*.php">
    Require all denied
</Files>

🧯 If You Can't Patch

  • Remove WP Mail Log plugin completely from the WordPress installation
  • Implement web application firewall rules to block file upload requests to vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Mail Log version 1.1.2 or earlier.

Check Version:

wp plugin get wp-mail-log --field=version

Verify Fix Applied:

Confirm WP Mail Log version is 1.1.3 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /wp-content/plugins/wp-mail-log/upload.php with file uploads
  • Unusual file creations in wp-content/uploads directory

Network Indicators:

  • POST requests to WordPress upload endpoints with PHP or executable file extensions

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/wp-mail-log/upload.php" OR (file_extension="php" AND upload_action=true))

Field names (uri_path, file_extension, upload_action) are illustrative; map them to the fields your web-server log source actually carries, and keep the parentheses so the upload-endpoint match is not swallowed by the AND clause.
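As an added example that is not part of this advisory or the plugin's own code, the log indicators above can be checked offline against web-server access logs in the default combined format. The sample lines are constructed, and the .php-only extension list is an assumption.

```python
import re
from dataclasses import dataclass

# Combined log format as written by Apache/nginx by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators taken from the advisory above.
UPLOAD_ENDPOINT = "/wp-content/plugins/wp-mail-log/upload.php"
UPLOADS_DIR = "/wp-content/uploads/"
EXEC_EXTS = (".php",)  # assumption: add any variants your PHP handler executes

@dataclass
class Hit:
    ip: str
    ts: str
    path: str
    status: str
    reason: str

def classify(line):
    """Return a Hit if the access-log line matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0]  # drop the query string before matching
    if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
        reason = "POST to WP Mail Log upload endpoint"
    elif path.startswith(UPLOADS_DIR) and path.lower().endswith(EXEC_EXTS):
        reason = "request for a PHP file under wp-content/uploads"
    else:
        return None
    return Hit(m["ip"], m["ts"], path, m["status"], reason)

def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [h for h in map(classify, lines) if h is not None]

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:12:00:01 +0000] "POST /wp-content/plugins/wp-mail-log/upload.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:12:00:05 +0000] "GET /wp-content/uploads/2024/01/x.php?v=1 HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:12:01:00 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:12:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 30 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.ip} {hit.status} {hit.path}: {hit.reason}")
```

A 200 on the second kind of hit means the server executed or served the file, which is exactly what the .htaccess workaround above is meant to prevent.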
