CVE-2023-4269

Summary

CVE-2023-4269 is a vulnerability affecting the User Activity Log plugin for WordPress. This issue permits authenticated users, including subscribers, to export activity logs without proper authorization. As a result, they can gain unauthorized access to Personally Identifiable Information (PII), specifically email addresses. This security flaw can pose a significant risk to websites using the plugin, especially if subscriber access is not carefully managed. The vulnerability has been addressed in version 1.6.6, and users are recommended to update their plugins to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.