VYPR

WP Activity Log Premium

by WordPress

CVEs (3)

  • CVE-2024-2018HigApr 9, 2024
    risk 0.57cvss 8.8epss 0.01

    The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2023-2285MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make…

  • CVE-2023-2284MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level…