WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure



Description
No protection on the wp-content/uploads/wp-security-audit-log/*
which is indexed by google and allows for attackers to possibly find user information (bad login attempts)
Proof of Concept
 Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/

Affects Plugin

fixed in version 3.1.2

References

CVE 2018-8719
EXPLOITDB 44371

Classification

Type UNKNOWN

Miscellaneous

Submitter Colette Chamberland
Submitter Website https://www.defiant.com
Submitter Twitter @cjchamberland
Views 4828
Verified Yes
WPVDB ID 9050

Timeline

Publicly Published 2018-03-28 (over 1 year ago)
Added 2018-03-30 (over 1 year ago)
Last Updated 2019-11-01 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin