421 matches found
EUVD-2023-34219
Malicious code in bioql PyPI...
CVE-2025-48339
Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0...
CVE-2025-48339
CVE-2025-48339 concerns the WordPress plugin Profiler – What Slowing Down Your WP, with a Missing Authorization (Broken Access Control) vulnerability. Affected versions are n/a through 1.0.0. Root cause is incorrectly configured access control security levels leading to unauthorized access. The C...
CVE-2025-48339 WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0...
CVE-2025-0324
creationtimestamp| type| source ---|---|--- 2025-06-02 08:59:30+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmfwa36fse2 2025-06-02 09:01:34+00:00| seen| Telegram/VQ0FQ5ZLin3xUorKYhfcFNtdNKkFwfxKkGrKdLfMt-CdeI0 2025-06-02...
CVE-2025-48054
creationtimestamp| type| source ---|---|--- 2025-05-27 04:47:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17604 2025-05-27 05:00:43+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4vsqoyz352 2025-05-27...
CVE-2024-37929
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2...
CVE-2023-5167
The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks...
CVE-2023-5133
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-3435
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
CVE-2023-2284
The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...
CVE-2016-10890
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS...
CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...
CVE-2023-6030
The CVE-2023-6030 entry relates to the WordPress plugin LogDash Activity Log (versions before 1.1.4). The vulnerability arises when the plugin logs failed logins in src/Hooks/Users.php via wp_login_failed without escaping the username in a SQL query, causing a SQL injection. The risk is described...
PT-2025-21372
Name of the Vulnerable Software and Affected Versions: LogDash Activity Log WordPress plugin versions prior to 1.1.4 Description: The issue concerns a SQL injection vulnerability. It occurs because the plugin does not properly escape the username when performing SQL requests, specifically when...
WordPress plugin LogDash Activity Log 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
GHSA-9PCC-GVX5-R5WM
creationtimestamp| type| source ---|---|--- 2025-05-06 17:13:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114462007419812570 2025-05-06 18:21:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15182 2025-05-06 19:30:34+00:00| published-proof-of-concept|...
CVE-2025-4238
creationtimestamp| type| source ---|---|--- 2025-05-03 17:17:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14700 2025-05-03 18:06:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lobwjls6gk2j 2025-05-03 19:00:35+00:00| published-proof-of-concept|...