CVE-2023-4269
low-risk
Published 2023-09-04
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
User Activity Log
Affected Vendors
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal