Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-2261
HistoryJun 09, 2023 - 1:15 p.m.

Authorization

2023-06-0913:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
activity log
plugin
authorization bypass
capability check
authenticated attackers
subscriber-level access
user accounts

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

Related for PRION:CVE-2023-2261