cleantalk
Vulnerabilities and Security Researches

WP Activity Log, CVE-2023-2284

CVE, Research URL

CVE-2023-2284

Home page URL

Security reports for WP Activity Log

Application

WP Activity Log

Published on
Jun 09, 2023
Research Description
The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.
Affected versions
Min -, max 4.5.2.
Status
vulnerable
Previous vulnerability researches
WP Activity Log (CVE-2025-0767) , Mar 05, 2025
WP Activity Log (CVE-2025-0924) , Feb 17, 2025
WP Activity Log (CVE-2014-5072) , Jun 07, 2024
WP Activity Log (CVE-2018-8719) , Jun 07, 2024
WP Activity Log (CVE-2023-2285) , Jun 07, 2024
New vulnerability
Osom Blocks – Custom Post Type listing block (CVE-2025-5940) , Jun 27, 2025
Post Rating and Review (CVE-2025-6538) , Jun 27, 2025
WP Masonry & Infinite Scroll (CVE-2025-5488) , Jun 27, 2025
Modern Design Library (CVE-2025-5842) , Jun 27, 2025
FastBook – Responsive Appointment Booking and Scheduling System (CVE-2025-25173) , Jun 27, 2025