WordPress Plugin Vulnerabilities

WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure

Description

No protection on the wp-content/uploads/wp-security-audit-log/*
which is indexed by google and allows for attackers to possibly find user information (bad login attempts)

Proof of Concept

Affects Plugins

Plugin icon
wp-security-audit-log
Fixed in 3.1.2

References

CVE
CVE-2018-8719
Exploitdb
44371

Miscellaneous

Submitter
Colette Chamberland
Submitter website
https://www.defiant.com
Submitter twitter
@cjchamberland
Verified
Yes
WPVDB ID
2711a857-f4aa-4590-8593-3e6e53cebf05

Timeline

Publicly Published
2018-03-28 (about 8 years ago)
Added
2018-03-30 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Persuasion <= 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion
Published
2024-04-11
Title
ProfilePress < 4.15.5 - Contributor+ Stored Cross-Site Scripting
Published
2023-02-03
Title
User Activity <= 1.0.1 - IP Spoofing
Published
2014-08-01
Title
SS Quiz - Multiple Unspecified Vulnerabilities
Published
2025-09-10
Title
BeyondCart Connector < 3.0.2 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter