Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, t...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-2286
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated malicious users to invoke this ...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-5133
This user-activity-log-pro WordPress plugin prior to 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
NA
CVE-2023-4279
This User Activity Log WordPress plugin prior to 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
2 Github repositories
NA
CVE-2023-2284
The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level o...
Wpwhitesecurity Wp Activity Log
NA
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated malicious users to run the setup wizard (if it has not b...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-2761
The User Activity Log WordPress plugin prior to 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Solwininfotech User Activity Log
NA
CVE-2023-5167
The User Activity Log Pro WordPress plugin prior to 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.
Solwininfotech User Activity Log
NA
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
NA
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a up to and including 1.6.2.
Solwininfotech User Activity Log
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »