Description
WordPress Plugin WP Activity Log is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently run the install wizard and configure a large set of options, if the wizard hasn't been completed in the first place. WordPress Plugin WP Activity Log version 4.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.0.2 or latest
References
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/
https://melapress.com/support/kb/wp-activity-log-plugin-changelog/
Related Vulnerabilities
MySQL CVE-2017-3459 Vulnerability (CVE-2017-3459)
WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)
WordPress Plugin The Events Calendar Unspecified Vulnerability (4.0.4)
WordPress Plugin Disable Comments Cross-Site Scripting (1.3)
WordPress Plugin SMTP by BestWebSoft Cross-Site Scripting (1.0.9)