The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T12:32:00.238Z
Updated: 2024-08-02T06:19:14.861Z
Reserved: 2023-04-25T19:24:08.595Z
Link: CVE-2023-2284
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-09T13:15:09.767
Modified: 2023-11-07T04:12:19.517
Link: CVE-2023-2284
Redhat
No data.