5 matches found
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...
CVE-2020-36716
The CVE-2020-36716 entry concerns the WordPress WP Activity Log plugin. Affected component: the setup_page function; root cause is a missing capability check, leading to an authorization bypass. Impact: unauthenticated attackers could run the setup wizard (if not previously completed) and access ...
CVE-2020-36716 WP Activity Log <= 4.0.1 - Missing Authorization
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...
CVE-2020-36716 WP Activity Log <= 4.0.1 - Missing Authorization
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...