CVE-2023-2261 - OpenCVE

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wpwhitesecurity	Wp Activity Log

Configuration 1 [-]

OR	cpe:2.3:a:wpwhitesecurity:wp_activity_log:::::-:wordpress::
	cpe:2.3:a:wpwhitesecurity:wp_activity_log:::::premium:wordpress::

References

Link	Resource
https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70	Broken Link
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-09T12:32:01.124Z

Updated: 2023-06-09T12:32:01.124Z

Reserved: 2023-04-24T20:43:01.943Z

Link: CVE-2023-2261

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-09T13:15:09.653

Modified: 2023-11-07T04:12:17.090

Link: CVE-2023-2261

JSON object: View

Redhat Information

No data.

CWE

No CWE.

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2261", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-04-24T20:43:01.943Z", "datePublished": "2023-06-09T12:32:01.124Z", "dateUpdated": "2023-06-09T12:32:01.124Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-09T12:32:01.124Z"}, "affected": [{"vendor": "wpwhitesecurity", "product": "WP Activity Log", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "wpwhitesecurity", "product": "WP Activity Log Premium", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-04-24T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-05-17T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:-:wordpress:*:*", "matchCriteriaId": "6EC87FA5-9B97-42F1-BDB1-1921ACF0E20D", "versionEndIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:premium:wordpress:*:*", "matchCriteriaId": "4D767E67-3C5B-45BD-B348-90AF4E359B54", "versionEndIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails."}], "id": "CVE-2023-2261", "lastModified": "2023-11-07T04:12:17.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-09T13:15:09.653", "references": [{"source": "security@wordfence.com", "tags": ["Broken Link"], "url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}