Lucene search

K
cvelistWPScanCVELIST:CVE-2023-4269
HistorySep 04, 2023 - 11:26 a.m.

CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export

2023-09-0411:26:56
WPScan
www.cve.org
wordpress
plugin
authorisation
pii
email addresses

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "User Activity Log",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.6.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

Related for CVELIST:CVE-2023-4269