3 matches found
WordPress WP Activity Log Plugin < 4.5.2 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpwhitesecurity:wpactivitylog"; ifdescription...
CVE-2023-2285 WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db
The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxswitchdb function. This makes it possible for unauthenticated attackers to make changes to the...
CVE-2023-2285
CVE-2023-2285 affects the WP Activity Log Premium WordPress plugin. The vulnerability is CSRF due to missing or incorrect nonce validation in the ajax_switch_db function, allowing unauthenticated attackers to forge requests to change plugin settings if a site admin is tricked into performing an a...