High severity7.3NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36716

Description

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options.

Affected products

Wpwhitesecurity/Wp Activity Log
cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:*:wordpress:*:*
Range: <=4.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/2252006nvdPatch
blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/nvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000