WordPress Plugin Vulnerabilities

User Activity Log < 1.6.6 - Subscriber+ Log Export

Description

The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

Proof of Concept

As a subscriber, open the following URL

https://example.com/wp-admin/admin-post.php?page=user_action_log&export=user_logs&logformat=csv&userrole&dateshow&username&type&showip&txtsearch&export-nonce=aaa

Affects Plugins

Plugin icon
user-activity-log
Fixed in 1.6.6

References

CVE
CVE-2023-4269

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://magos-securitas.com
Verified
Yes
WPVDB ID
db3e4336-117c-47f2-9b43-2ca115525297

Timeline

Publicly Published
2023-08-09 (about 3 months ago)
Added
2023-08-09 (about 3 months ago)
Last Updated
2023-08-09 (about 3 months ago)

Other

Published
Title
Published
2022-06-06
Title
XCloner < 4.3.6 - Plugin Settings Reset
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Subscriber+ Template Condition Update
Published
2022-01-17
Title
WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion
Published
2023-07-10
Title
Buy Me a Coffee – Button and Widget Plugin < 3.8 - Subscriber+ Unauthorized Data Modification
Published
2023-06-26
Title
WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update