VYPR

Wp Activity Log

by Wpwhitesecurity

CVEs (5)

  • CVE-2020-36716HigJun 7, 2023
    risk 0.47cvss 7.3epss 0.01

    The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been…

  • CVE-2023-2286MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this…

  • CVE-2023-2285MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make…

  • CVE-2023-2284MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level…

  • CVE-2023-2261MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.01

    The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher,…