CVE-2023-4269

🗓️ 04 Sep 2023 11:26:56Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

User Activity Log WordPress plugin vulnerabilit

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-4269	4 Sep 202316:16	–	circl
CNNVD	WordPress plugin User Activity Log security vulnerability	4 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export	4 Sep 202311:26	–	cvelist
EUVD	EUVD-2023-54140	3 Oct 202520:07	–	euvd
NVD	CVE-2023-4269	4 Sep 202312:15	–	nvd
Prion	Code injection	4 Sep 202312:15	–	prion
Positive Technologies	PT-2023-28509 · WordPress · User Activity Log	4 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-4269	9 Jan 202612:31	–	redhatcve
Vulnrichment	CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export	4 Sep 202311:26	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)	17 Aug 202313:45	–	wordfence

NVD

Vulners

Node

solwininfotech user_activity_logRange<1.6.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "User Activity Log",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.6.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/db3e4336-117c-47f2-9b43-2ca115525297

Parameter	Position	Path	Description	CWE
page	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
export	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
logformat	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
userrole	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
dateshow	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
username	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
type	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
showip	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
txtsearch	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863
export-nonce	query param	/wp-admin/admin-post.php	Lacks proper authorization for exporting activity logs via the admin-post export endpoint, enabling authenticated users to retrieve PII such as email addresses.	CWE-863

23 Apr 2025 17:16Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.3

EPSS0.00139

SSVC

CWE-863