Lucene search
K
SolwininfotechUser Activity Log

7 matches found

CVE
CVE
added 2023/08/14 7:10 p.m.76 views

CVE-2023-3435

CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...

9.8CVSS9.8AI score0.00808EPSS
Web
CVE
CVE
added 2023/09/04 11:27 a.m.73 views

CVE-2023-4279

The CVE-2023-4279 entry concerns the WordPress plugin “User Activity Log” prior to version 1.6.7. The vulnerability arises because the plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the perceived source of traffic, which could facilitat...

7.5CVSS7.5AI score0.00853EPSS
Web
CVE
CVE
added 2023/07/24 10:20 a.m.67 views

CVE-2023-2761

The CVE-2023-2761 entry concerns the WordPress plugin User Activity Log, affected in versions prior to 1.6.3. The vulnerability is a SQL injection in admin pages caused by improper sanitisation/escaping of the txtsearch parameter used in SQL statements. Impact is high: remote-like access is not r...

7.2CVSS7.1AI score0.00717EPSS
Web
CVE
CVE
added 2023/10/31 2:57 p.m.63 views

CVE-2023-37966

CVE-2023-37966 is a SQL Injection vulnerability in the WordPress plugin User Activity Log (Solwin Infotech). Affected versions are 1.6.2 and earlier; the issue is fixed in version 1.6.3. The CVE entry notes improper neutralization of SQL elements, enabling injection. CVSS data on the entry indica...

9.8CVSS8.8AI score0.00546EPSS
CVE
CVE
added 2023/10/16 7:39 p.m.58 views

CVE-2023-5167

CVE-2023-5167 affects WordPress plugin User Activity Log Pro

5.4CVSS5.4AI score0.00394EPSS
Web
CVE
CVE
added 2023/09/04 11:26 a.m.55 views

CVE-2023-4269

Summary (CVE-2023-4269) The WordPress plugin “User Activity Log” (pre-1.6.6) incorrectly authorizes log exports, allowing any authenticated user (e.g., a subscriber) to export activity logs and access PII such as email addresses. This is documented in multiple sources (Red Hat advisory RH:CVE-202...

4.3CVSS4.9AI score0.00427EPSS
Web
CVE
CVE
added 2023/10/16 7:39 p.m.53 views

CVE-2023-5133

CVE-2023-5133 concerns the WordPress plugin User Activity Log Pro (prior to 2.3.4). Technical details across connected sources show that it retrieves client IP addresses from potentially untrusted headers, enabling an attacker to spoof/manipulate the IP value and thereby hide malicious activity. ...

7.5CVSS7.6AI score0.0055EPSS
Web