6 matches found
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...
WordPress WP Activity Log Plugin < 4.5.2 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpwhitesecurity:wpactivitylog"; ifdescription...
WordPress WP Activity Log Plugin < 4.5.2 is vulnerable to Sensitive Data Exposure
Software WP Activity Log Type Plugin Vulnerable versions 4.5.2 Fixed in 4.5.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2261 Patch priority Medium CVSS severity Medium 4.3 Developer Melapress PSID 40c85e58b056 Credits Marco Wotschka Required...
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...
CVE-2023-2261 WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...
CVE-2023-2261
CVE-2023-2261 ffects the WordPress plugin WP Activity Log. The vulnerability is an authorization bypass caused by a missing capability check in the handle_ajax_call function, exposed in versions up to and including 4.5.0. This allows authenticated users with subscriber-level access or higher to e...