Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-24758
The Email Log WordPress plugin prior to 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
Email Log Project Email Log
6.1
CVSSv3
CVE-2021-24924
The Email Log WordPress plugin prior to 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue
Email Log Project Email Log
8.8
CVSSv3
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
5.3
CVSSv3
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be ini...
Activity Log Project Activity Log -
NA
CVE-2015-3351
Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module prior to 6.x-1.2 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.
Log Watcher Project Log Watcher
NA
CVE-2015-4613
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension prior to 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.
Developer Log Project Developer Log
9.8
CVSSv3
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Activity Log Project Activity Log
5.3
CVSSv3
CVE-2023-4281
This Activity Log WordPress plugin prior to 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Activity Log Project Activity Log
1 Github repository
6.1
CVSSv3
CVE-2016-1157
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat prior to 2.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Log-chat Project Log-chat 1.0
8.8
CVSSv3
CVE-2020-18264
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote malicious users to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
Simple-log Project Simple-log 1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »