wpvulndb WPVDB-ID:3C5E45FD-933F-47E0-BFB5-B376FAB6B88B
May 17, 2023 - 12:00 a.m.

WP Activity Log < 4.5.2 - Subscriber+ Information Leak

2023-05-17 00:00:00
wpscan.com
plugin
capability check
handle_ajax_call
authorization bypass
authenticated users
user information
usernames
emails

EPSS: 0.001
Percentile: 34.8%

The plugin does not properly implement a capability check on the handle_ajax_call function, leading to an authorization bypass that allows authenticated users to obtain a list of users’ information, including ids, usernames, and emails.
