Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solwininfotech user activity log vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2761
The User Activity Log WordPress plugin prior to 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Solwininfotech User Activity Log
NA
CVE-2023-5133
This user-activity-log-pro WordPress plugin prior to 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
NA
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a up to and including 1.6.2.
Solwininfotech User Activity Log
NA
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
NA
CVE-2023-4269
The User Activity Log WordPress plugin prior to 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Solwininfotech User Activity Log
NA
CVE-2023-4279
This User Activity Log WordPress plugin prior to 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
2 Github repositories
NA
CVE-2023-5167
The User Activity Log Pro WordPress plugin prior to 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.
Solwininfotech User Activity Log
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started