24 matches found
EUVD-2024-29958
Malicious code in bioql PyPI...
CVE-2024-37929
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2023-5167
The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks...
CVE-2024-32137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin User Activity Log Pro. This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2024-37929
CVE-2024-37929 is a Missing Authorization vulnerability in the Solwin User Activity Log Pro WordPress plugin, affecting versions up to and including 2.3.4. Public sources describe an incorrect access control configuration enabling unauthorized access to certain functionality. The CVE record lists...
CVE-2024-37929 WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Activity Log Pro: from n/a through 2.3.4...
WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software: User Activity Log Pro; Type: Plugin; Vulnerable versions: = 2.3.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37929; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Claim ownership; PSID: a51ba27e9212; Credits: Dave Jong Patchstac...
User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection
Description The User Activity Log Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2024-32137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin User Activity Log Pro. This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2024-32137
CVE-2024-32137 is an authenticated SQL Injection in Solwin User Activity Log Pro (WordPress plugin) affecting versions up to 2.3.4. The vulnerability stems from improper neutralization of SQL elements, enabling an attacker with LOW privileges and no UI interaction to exploit over the network. The...
CVE-2024-32137 WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin User Activity Log Pro. This issue affects User Activity Log Pro: from n/a through 2.3.4...
CVE-2024-32137 WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin User Activity Log Pro. This issue affects User Activity Log Pro: from n/a through 2.3.4...
WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...
WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection
Software: User Activity Log Pro; Type: Plugin; Vulnerable versions: = 2.3.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-32137; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 2210c42a0a13; Credits: Dave Jong Patchstack; Required privilege...
CVE-2023-5167
The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks...
Cross site scripting
The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks...
CVE-2023-5133 User Activity Log Pro < 2.3.4 - IP Spoofing
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-5133 User Activity Log Pro < 2.3.4 - IP Spoofing
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-5167
CVE-2023-5167 affects WordPress plugin User Activity Log Pro
WordPress plugin user-activity-log-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...