EPSS Percentile: 34.8%
The plugin does not properly implement a capability check on the handle_ajax_call function, leading to an authorization bypass that allows authenticated users to obtain a list of users’ information, including IDs, usernames, and emails.
www.wordfence.com/threat-intel/vulnerabilities/detail/wp-activity-log-450-missing-capabilities-check-to-user-enumeration