7 matches found
CVE-2023-3435
CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...
CVE-2023-4279
The CVE-2023-4279 entry concerns the WordPress plugin “User Activity Log” prior to version 1.6.7. The vulnerability arises because the plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the perceived source of traffic, which could facilitat...
CVE-2023-2761
The CVE-2023-2761 entry concerns the WordPress plugin User Activity Log, affected in versions prior to 1.6.3. The vulnerability is a SQL injection in admin pages caused by improper sanitisation/escaping of the txtsearch parameter used in SQL statements. Impact is high: remote-like access is not r...
CVE-2023-37966
CVE-2023-37966 is a SQL Injection vulnerability in the WordPress plugin User Activity Log (Solwin Infotech). Affected versions are 1.6.2 and earlier; the issue is fixed in version 1.6.3. The CVE entry notes improper neutralization of SQL elements, enabling injection. CVSS data on the entry indica...
CVE-2023-5167
CVE-2023-5167 affects WordPress plugin User Activity Log Pro
CVE-2023-4269
Summary (CVE-2023-4269) The WordPress plugin “User Activity Log” (pre-1.6.6) incorrectly authorizes log exports, allowing any authenticated user (e.g., a subscriber) to export activity logs and access PII such as email addresses. This is documented in multiple sources (Red Hat advisory RH:CVE-202...
CVE-2023-5133
CVE-2023-5133 concerns the WordPress plugin User Activity Log Pro (prior to 2.3.4). Technical details across connected sources show that it retrieves client IP addresses from potentially untrusted headers, enabling an attacker to spoof/manipulate the IP value and thereby hide malicious activity. ...