Description
WordPress Plugin WP Activity Log is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions: if the install wizard has not already been completed, they can run it and configure a large set of options. WordPress Plugin WP Activity Log version 4.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.0.2 or the latest version.
References
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/
https://www.wpsecurityauditlog.com/support-documentation/plugin-changelog/