Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.6 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

4.3CVSS5.1AI score0.00386EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2024/04/17 3:3 p.m.28 views

$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 24th, 2024, during our second Bug Bounty Extravaganza...

6.5CVSS8AI score0.00876EPSS
Exploits0
Prion
Prion
added 2023/06/09 1:15 p.m.25 views

Cross site request forgery (csrf)

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxswitchdb function. This makes it possible for unauthenticated attackers to make changes to the...

4.3CVSS4.3AI score0.00215EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 12:32 p.m.13 views

CVE-2023-2284 WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/09 12:31 p.m.36 views

CVE-2023-2285 WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajaxswitchdb function. This makes it possible for unauthenticated attackers to make changes to the...

4.3CVSS4.5AI score0.00215EPSS
Exploits0References2
Rows per page
Query Builder