Vulnerabilities > Solwininfotech > User Activity LOG > 1.6.5

DATE CVE VULNERABILITY TITLE RISK
2023-09-04 CVE-2023-4269 Incorrect Authorization vulnerability in Solwininfotech User Activity LOG
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
network
low complexity
solwininfotech CWE-863
4.3
4.3
2023-09-04 CVE-2023-4279 Unspecified vulnerability in Solwininfotech User Activity LOG
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.
network
low complexity
solwininfotech
7.5
7.5