Description
The WordPress plugin WP Activity Log is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently run the install wizard and configure a large set of options, provided the wizard has not already been completed. WP Activity Log version 4.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.0.2 or the latest version.
References
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/
https://www.wpsecurityauditlog.com/support-documentation/plugin-changelog/