CVE-2023-5644: 
WordPress vulnerability analysis and mitigation

The WP Mail Log WordPress plugin versions before 1.1.3 contains a security vulnerability identified as CVE-2023-5644. This vulnerability was discovered and publicly disclosed on November 28, 2023. The issue affects the plugin's REST API endpoints authorization mechanism, which incorrectly allows users with Contributor role to access functionality that should be restricted to Admin users (WPScan Advisory, NVD).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) and has been assigned a CVSS v3.1 base score of 7.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. The technical issue lies in the REST API endpoints of the plugin, which fail to properly validate user permissions, allowing lower-privileged users to access administrative functions (NVD).

The vulnerability allows users with Contributor privileges to view and delete mail log data, access plugin settings, and potentially send log information to arbitrary email addresses. This represents a significant breach of access control and could lead to unauthorized data access and manipulation (WPScan Advisory).

The vulnerability has been fixed in version 1.1.3 of the WP Mail Log plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).