PatchSiren cyber security CVE debrief
CVE-2023-33999 WPVibes CVE debrief
CVE-2023-33999 is a high-severity DOM-Based XSS vulnerability in WP Mail Log, a WordPress plugin. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2023-33999). The issue affects WP Mail Log versions from n/a through 1.0.2.
- Vendor
- WPVibes
- Product
- WP Mail Log
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of WP Mail Log plugin versions prior to 1.0.2 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by improper neutralization of input during web page generation, allowing for DOM-Based XSS attacks. The CVSS vector for this vulnerability is [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L](https://nvd.nist.gov/vuln/detail/CVE-2023-33999).
Defensive priority
High
Recommended defensive actions
- Update WP Mail Log to version 1.0.2 or later.
- Review and sanitize user input to prevent DOM-Based XSS attacks.
Evidence notes
The vulnerability was reported by Patchstack and has been documented in the CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2023-33999) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2023-33999).
Official resources
-
CVE-2023-33999 CVE record
CVE.org
-
CVE-2023-33999 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2023-33999 was published on 2026-06-11T09:16:25.097Z and modified on 2026-06-11T14:42:47.007Z.