Wp Activity Log Security Vulnerabilities and Issues — Wp Activity Log CVE List

Lucene search

WpwhitesecurityWp Activity Log

4 matches found

CVE•added 2023/06/09 1:15 p.m.•57 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of ...

4.3CVSS4.6AI score0.00178EPSS

CVE•added 2023/06/09 1:15 p.m.•55 views

CVE-2023-2285

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plug...

4.3CVSS4.6AI score0.00063EPSS

CVE•added 2023/06/09 1:15 p.m.•50 views

CVE-2023-2286

The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged req...

4.3CVSS4.5AI score0.00067EPSS

CVE•added 2023/06/09 1:15 p.m.•49 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make ch...

4.3CVSS4.6AI score0.00083EPSS