CVE-2023-5645: 
WordPress vulnerability analysis and mitigation

CVE-2023-5645 affects the WP Mail Log WordPress plugin versions before 1.1.3. The vulnerability was discovered and publicly disclosed on November 28, 2023. This security issue impacts WordPress installations using the affected plugin versions, specifically targeting the wml_logs endpoint (WPScan).

The vulnerability is classified as a SQL injection (SQLI) with a CVSS v3.1 base score of 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from improper sanitization and escaping of parameters before their use in SQL statements. The vulnerability is categorized under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

The vulnerability allows attackers with a role as low as Contributor to perform SQL injection attacks against the affected WordPress installations. This could potentially lead to unauthorized access to the database, data manipulation, and possible compromise of the WordPress installation (WPScan).

The vulnerability has been patched in WP Mail Log version 1.1.3. Users are advised to update to this version or later to mitigate the risk. No alternative workarounds have been publicly documented (WPScan).