CVE-2023-2261 - OpenCVE

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpwhitesecurity	Wp Activity Log

Configuration 1 [-]

OR	cpe:2.3:a:wpwhitesecurity:wp_activity_log:::::-:wordpress::
	cpe:2.3:a:wpwhitesecurity:wp_activity_log:::::premium:wordpress::

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-09T12:32:01.124Z

Updated: 2024-08-02T06:19:14.221Z

Reserved: 2023-04-24T20:43:01.943Z

Link: CVE-2023-2261

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-09T13:15:09.653

Modified: 2023-11-07T04:12:17.090

Link: CVE-2023-2261

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2261", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-04-24T20:43:01.943Z", "datePublished": "2023-06-09T12:32:01.124Z", "dateUpdated": "2024-08-02T06:19:14.221Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-09T12:32:01.124Z"}, "affected": [{"vendor": "wpwhitesecurity", "product": "WP Activity Log", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "wpwhitesecurity", "product": "WP Activity Log Premium", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-04-24T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-05-17T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.221Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:-:wordpress:*:*", "matchCriteriaId": "6EC87FA5-9B97-42F1-BDB1-1921ACF0E20D", "versionEndIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:premium:wordpress:*:*", "matchCriteriaId": "4D767E67-3C5B-45BD-B348-90AF4E359B54", "versionEndIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails."}], "id": "CVE-2023-2261", "lastModified": "2023-11-07T04:12:17.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-09T13:15:09.653", "references": [{"source": "security@wordfence.com", "tags": ["Broken Link"], "url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}