Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:10 p.m.10 views

CVE-2020-36716

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.3CVSS6.8AI score0.00825EPSS
Exploits1References1
OSV
OSV
added 2023/06/07 2:15 a.m.3 views

CVE-2020-36716

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.3CVSS5.8AI score0.00825EPSS
Exploits1References3
CVE
CVE
added 2023/06/07 1:51 a.m.59 views

CVE-2020-36716

The CVE-2020-36716 entry concerns the WordPress WP Activity Log plugin. Affected component: the setup_page function; root cause is a missing capability check, leading to an authorization bypass. Impact: unauthenticated attackers could run the setup wizard (if not previously completed) and access ...

7.3CVSS7AI score0.00825EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.10 views

CVE-2020-36716 WP Activity Log <= 4.0.1 - Missing Authorization

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.3CVSS7AI score0.00825EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.42 views

CVE-2020-36716 WP Activity Log <= 4.0.1 - Missing Authorization

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.3CVSS7.1AI score0.00825EPSS
Exploits1References3
Rows per page
Query Builder