Lucene search
K

119 matches found

Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.4 views

PT-2023-31785 · WordPress · User Activity Log Pro

Name of the Vulnerable Software and Affected Versions: user-activity-log-pro WordPress plugin versions prior to 2.3.4 Description: The issue allows an attacker to manipulate the client IP address value by exploiting the plugin's retrieval of IP addresses from potentially untrusted headers. This c...

7.5CVSS7.6AI score0.0055EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.12 views

WordPress plugin user-activity-log-pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

7.5CVSS6.6AI score0.0055EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

WordPress plugin User Activity Log Pro Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability in the WordPre...

5.4CVSS5.9AI score0.00394EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.13 views

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5167 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 89ef9c440ecf Credits Bartlomiej Mar...

5.4CVSS5.9AI score0.00394EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.18 views

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...

7.5CVSS6.9AI score0.0055EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.132 views

User Activity Log Pro < 2.3.4 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...

7.5CVSS7.6AI score0.0055EPSS
Exploits2
OSV
OSV
added 2023/09/04 12:15 p.m.2 views

CVE-2023-4279

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

7.5CVSS7.3AI score0.00853EPSS
Exploits2References1
NVD
NVD
added 2023/09/04 12:15 p.m.23 views

CVE-2023-4269

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...

4.3CVSS4.6AI score0.00427EPSS
Exploits2References1
OSV
OSV
added 2023/09/04 12:15 p.m.7 views

CVE-2023-4269

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...

4.3CVSS7.3AI score0.00427EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/09/04 11:27 a.m.8 views

CVE-2023-4279 User Activity Log < 1.6.7 - IP Spoofing

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

6.6AI score0.00853EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/09/04 11:26 a.m.6 views

CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...

4.6AI score0.00427EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.5 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6.5AI score0.00853EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.4 views

PT-2023-28509 · WordPress · User Activity Log

Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.6 Description: The issue is related to a lack of proper authorization in the User Activity Log WordPress plugin, allowing any authenticated users to export activity logs and retrieve...

4.3CVSS5.2AI score0.00427EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.6 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin Us...

4.3CVSS6.6AI score0.00427EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.10 views

PT-2023-28584 · WordPress · User Activity Log

Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.7 Description: The issue allows an attacker to manipulate the client IP address value retrieved by the plugin, potentially hiding the source of malicious traffic. This is due to the...

7.5CVSS7.8AI score0.00853EPSS
Exploits2References7
OSV
OSV
added 2023/08/14 8:15 p.m.2 views

CVE-2023-3435

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

9.8CVSS7.3AI score0.00808EPSS
Exploits2References1
NVD
NVD
added 2023/08/14 8:15 p.m.16 views

CVE-2023-3435

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

9.8CVSS9.8AI score0.00808EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/14 7:10 p.m.13 views

CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

7.5AI score0.00808EPSS
Exploits2References1
CVE
CVE
added 2023/08/14 7:10 p.m.77 views

CVE-2023-3435

CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...

9.8CVSS9.8AI score0.00808EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/08/14 7:10 p.m.22 views

CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

10AI score0.00808EPSS
Exploits2References1
Rows per page
Query Builder