Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2284
The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level o...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-2285
The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated malicious users to...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-2286
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated malicious users to invoke this ...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a up to and including 1.6.2.
Solwininfotech User Activity Log
NA
CVE-2023-5133
This user-activity-log-pro WordPress plugin prior to 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
NA
CVE-2020-36716
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated malicious users to run the setup wizard (if it has not b...
Wpwhitesecurity Wp Activity Log
NA
CVE-2023-4279
This User Activity Log WordPress plugin prior to 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
2 Github repositories
505
VMScore
CVE-2005-1667
DataTrac Activity Console 1.1 allows remote malicious users to cause a denial of service via a long HTTP GET request.
Datatrac Activity Console 1.1
1 EDB exploit
NA
CVE-2023-4269
The User Activity Log WordPress plugin prior to 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Solwininfotech User Activity Log
NA
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, t...
Wpwhitesecurity Wp Activity Log
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »