The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-09-04T11:26:56.095Z

Updated: 2024-08-02T07:24:04.061Z

Reserved: 2023-08-09T08:21:12.900Z

Link: CVE-2023-4269

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-04T12:15:10.470

Modified: 2024-11-21T08:34:45.510

Link: CVE-2023-4269

cve-icon Redhat

No data.