CVE-2023-5674: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-5674 affects the WP Mail Log WordPress plugin versions before 1.1.3. The vulnerability was discovered and publicly disclosed on November 28, 2023. It involves an SQL injection vulnerability in the plugin's wml_logs/send_mail endpoint that can be exploited by users with Contributor-level access or higher (WPScan Advisory).

The vulnerability stems from improper sanitization and escaping of a parameter before its use in SQL statements. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89 (SQL Injection) and falls under the OWASP Top 10 category A1: Injection (NVD, WPScan Advisory).

The SQL injection vulnerability allows authenticated users with Contributor-level access to execute arbitrary SQL commands on the affected WordPress installation's database. This could potentially lead to unauthorized access to sensitive information, data manipulation, or database compromise (WPScan Advisory).

The vulnerability has been fixed in version 1.1.3 of the WP Mail Log plugin. Users are advised to update to this version or later to mitigate the risk (WPScan Advisory).