The User Activity Log WordPress plugin prior to 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
solwininfotech user activity log |