security vulnerability | WordPress.org

macpheek
(@macpheek)

1 year, 10 months ago

Hi, I’ve had a notice from wordfence that this plugin has a security vulnerability, is a patch being worked on?

Critical Problems:

* The Plugin “User Activity Log” has a security vulnerability.

Vulnerability Severity: 9.1/10.0 (Critical) Vulnerability Information
https://wordpress.org/plugins/user-activity-log/#developers

Thanks

Viewing 5 replies - 1 through 5 (of 5 total)

invaderB
(@invaderb)

1 year, 10 months ago

Also curious if this is getting worked on…

Here’s the CVE
https://www.cve.org/CVERecord?id=CVE-2024-31356

bphyle
(@bphyle)

1 year, 9 months ago

Curiosity intensifies…

invaderB
(@invaderb)

1 year, 9 months ago

I’m giving it till Friday then moving to a different plugin if a fix is not pushed out….

michaelrich
(@michaelrich)

1 year, 9 months ago

It seems like you can only exploit it if you are an administrator anyway… But it is very concerning for me that the developer is not reacting here.

Plugin Author solwininfotech
(@solwininfotech)

1 year, 6 months ago

Hi @macpheek @michaelrich @invaderb @bphyle

I apologize for the delayed response.

We would like to inform you that we have released an updated version of our plugin,in which we have fixed a security vulnerability issue. Please update your plugin accordingly.

If you encounter any further problems, do not hesitate to reach out to us. We are here to assist you in resolving any issues as quickly as possible.

Thank you!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘security vulnerability’ is closed to new replies.

6 replies
5 participants
Last reply from: solwininfotech
Last activity: 1 year, 6 months ago
Status: not resolved