WP Security Audit Log < 4.0.2 - Broken Access Control in First-Time Install Wizard



Description
"Broken access control vulnerability affecting version 4.0.1 and below that could lead to privilege escalation, sensitive data exposure and insecure deserialisation.
To exploit the vulnerability, the wizard must not have been completed, otherwise it won’t work."

Affects Plugin

References

URL https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Verified No
WPVDB ID 10118

Timeline

Publicly Published 2020-03-08
Added 2020-03-08
Last Updated 2020-03-09
