4 matches found
CVE-2023-2286
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxruncleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged...
CVE-2023-2286
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxruncleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged...
Cross site request forgery (csrf)
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxruncleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged...
PT-2023-18734 · WordPress · Wp Activity Log
Name of the Vulnerable Software and Affected Versions: WP Activity Log for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax run cleanup function. This allows unauthenticated...