119 matches found
PT-2023-31785 · WordPress · User Activity Log Pro
Name of the Vulnerable Software and Affected Versions: user-activity-log-pro WordPress plugin versions prior to 2.3.4 Description: The issue allows an attacker to manipulate the client IP address value by exploiting the plugin's retrieval of IP addresses from potentially untrusted headers. This c...
WordPress plugin user-activity-log-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
WordPress plugin User Activity Log Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability in the WordPre...
WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Cross Site Scripting (XSS)
Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5167 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 89ef9c440ecf Credits Bartlomiej Mar...
WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability
Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...
User Activity Log Pro < 2.3.4 - IP Spoofing
Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...
CVE-2023-4279
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-4269
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...
CVE-2023-4269
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...
CVE-2023-4279 User Activity Log < 1.6.7 - IP Spoofing
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...
WordPress plugin User Activity Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-28509 · WordPress · User Activity Log
Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.6 Description: The issue is related to a lack of proper authorization in the User Activity Log WordPress plugin, allowing any authenticated users to export activity logs and retrieve...
WordPress plugin User Activity Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin Us...
PT-2023-28584 · WordPress · User Activity Log
Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.7 Description: The issue allows an attacker to manipulate the client IP address value retrieved by the plugin, potentially hiding the source of malicious traffic. This is due to the...
CVE-2023-3435
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
CVE-2023-3435
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
CVE-2023-3435
CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...
CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...