User Activity Log, CVE-2023-4269

CVE, Research URL: CVE-2023-4269
Home page URL: Security reports for User Activity Log
Application: User Activity Log
Published on: Sep 04, 2023
Research Description: The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Affected versions: max 1.6.6.
Status: vulnerable