3 matches found
$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 24th, 2024, during our second Bug Bounty Extravaganza...
CVE-2024-2018 WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2024-2018
CVE-2024-2018 affects the WP Activity Log Premium plugin for WordPress. The vulnerability is an SQL Injection via entry->roles in all versions up to 4.6.4, caused by insufficient escaping of the user-supplied parameter and insufficient preparation of the SQL query. This can enable authenticate...