Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.11 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS6.4AI score0.00552EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/07/12 12:0 a.m.24 views

WordPress WP Activity Log Plugin < 4.5.2 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpwhitesecurity:wpactivitylog"; ifdescription...

4.3CVSS6.9AI score0.00552EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.17 views

WordPress WP Activity Log Plugin < 4.5.2 is vulnerable to Sensitive Data Exposure

Software WP Activity Log Type Plugin Vulnerable versions 4.5.2 Fixed in 4.5.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2261 Patch priority Medium CVSS severity Medium 4.3 Developer Melapress PSID 40c85e58b056 Credits Marco Wotschka Required...

4.3CVSS6.4AI score0.00552EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/06/09 1:15 p.m.32 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS4.3AI score0.00552EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/09 12:32 p.m.20 views

CVE-2023-2261 WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS6.6AI score0.00552EPSS
Exploits0References3
CVE
CVE
added 2023/06/09 12:32 p.m.72 views

CVE-2023-2261

CVE-2023-2261 ffects the WordPress plugin WP Activity Log. The vulnerability is an authorization bypass caused by a missing capability check in the handle_ajax_call function, exposed in versions up to and including 4.5.0. This allows authenticated users with subscriber-level access or higher to e...

4.3CVSS4.6AI score0.00552EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder