Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4281
This Activity Log WordPress plugin prior to 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Activity Log Project Activity Log
1 Github repository
NA
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be ini...
Activity Log Project Activity Log -
6.8
CVSSv2
CVE-2015-3351
Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module prior to 6.x-1.2 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.
Log Watcher Project Log Watcher
6.5
CVSSv2
CVE-2021-24758
The Email Log WordPress plugin prior to 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
Email Log Project Email Log
4.3
CVSSv2
CVE-2021-24924
The Email Log WordPress plugin prior to 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue
Email Log Project Email Log
NA
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
NA
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Activity Log Project Activity Log
6.5
CVSSv2
CVE-2015-4613
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension prior to 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.
Developer Log Project Developer Log
6.8
CVSSv2
CVE-2020-18264
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote malicious users to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
Simple-log Project Simple-log 1.6
6.8
CVSSv2
CVE-2020-18265
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote malicious users to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
Simple-log Project Simple-log 1.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »