Wp System Log
Monthly
Authenticated users can bypass authorization controls in WP System Log plugin versions up to 1.2.7 to modify system logs due to improper access control validation. An attacker with valid credentials could alter log data to cover tracks or manipulate audit records without additional privileges. No patch is currently available for this vulnerability.
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authenticated users can bypass authorization controls in WP System Log plugin versions up to 1.2.7 to modify system logs due to improper access control validation. An attacker with valid credentials could alter log data to cover tracks or manipulate audit records without additional privileges. No patch is currently available for this vulnerability.
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.