Vulnerabilities > Wpwhitesecurity > WP Activity LOG > 3.4

DATE CVE VULNERABILITY TITLE RISK
2023-06-09 CVE-2023-2286 Cross-Site Request Forgery (CSRF) vulnerability in Wpwhitesecurity WP Activity LOG
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0.
network
low complexity
wpwhitesecurity CWE-352
4.3
4.3
2023-06-07 CVE-2020-36716 Missing Authorization vulnerability in Wpwhitesecurity WP Activity LOG
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1.
network
low complexity
wpwhitesecurity CWE-862
7.3
7.3