The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T12:32:00.238Z
Updated: 2023-06-09T12:32:00.238Z
Reserved: 2023-04-25T19:24:08.595Z
Link: CVE-2023-2284
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-09T13:15:09.767
Modified: 2023-11-07T04:12:19.517
Link: CVE-2023-2284
JSON object: View
Redhat Information
No data.
CWE
No CWE.