Description
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch or Update
AI Analysis

Impact

The vulnerability resides in the WordPress plugin WP Sessions Time Monitoring Full Automatic, version <=1.1.3. It is a Missing Authorization flaw that allows an attacker to bypass access controls and potentially view or modify session data. The flaw could be exploited to read or alter sensitive session information, leading to unauthorized access to user data and impacting confidentiality and integrity of the site data. Key weakness: CWE-862.

Affected Systems

Affected product: activity-log.com WP Sessions Time Monitoring Full Automatic. Versions from n/a through 1.1.3 are impacted. No other vendor or version information is provided.

Risk and Exploitability

CVSS score of 5.3 indicates moderate severity. EPSS score < 1% shows low exploitation likelihood. The vulnerability is not listed in CISA KEV. Attack vector is inferred to be remote exploitation via the WordPress administrator interface because the flaw is a broken access control in a plugin. No further exploitation paths are detailed in the description.

Generated by OpenCVE AI on March 19, 2026 at 14:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the plugin is upgraded to a version where the issue is fixed; if unavailable, disable the plugin to prevent unauthorized access.
  • Restrict the plugin’s permissions to the minimum required set of user roles, ensuring only trusted administrators can access it.
  • Regularly monitor plugin files for unexpected changes and confirm no unauthorized code has been injected.
  • Consult the vendor’s website or support for an official patch or update.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Activity-log.com
  • Activity-log.com wp Sessions Time Monitoring Full Automatic
  • Wordpress
  • Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Activity-log.com
  • Activity-log.com wp Sessions Time Monitoring Full Automatic
  • Wordpress
  • Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  • cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
  • ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.

Type: Title
Values Removed: (none)
Values Added: WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:59.146Z

Reserved: 2026-03-12T11:10:53.774Z

Link: CVE-2026-32362

Vulnrichment

Updated: 2026-03-13T18:45:04.098Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:50.120

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32362

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:58:55Z