What is CVE-2023-2285?

CVE-2023-2285 refers to a vulnerability in the WP Activity Log Premium plugin for WordPress that allows unauthenticated attackers to perform Cross-Site Request Forgery attacks.

How severe is CVE-2023-2285?

CVE-2023-2285 has a severity rating of 4.3, which is considered medium.

What is the affected software of CVE-2023-2285?

The affected software of CVE-2023-2285 is the WP Activity Log Premium plugin for WordPress versions up to and including 4.5.0.

How can the WP Activity Log Premium plugin be fixed for CVE-2023-2285?

To fix CVE-2023-2285, users should update their WP Activity Log Premium plugin to a version higher than 4.5.0.

What is Cross-Site Request Forgery (CSRF)?

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into submitting a malicious request, which can lead to unauthorized actions being performed on their behalf.

Vulnerability/
CVE-2023-2285

medium

4.3

CWE

352

9/6/2023

20/12/2024

CVE-2023-2285: CSRF

First published: Fri Jun 09 2023(Updated: )

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
Melapress WP Activity Log	<=4.5.0

Remedy

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-2285?
CVE-2023-2285 refers to a vulnerability in the WP Activity Log Premium plugin for WordPress that allows unauthenticated attackers to perform Cross-Site Request Forgery attacks.
How severe is CVE-2023-2285?
CVE-2023-2285 has a severity rating of 4.3, which is considered medium.
What is the affected software of CVE-2023-2285?
The affected software of CVE-2023-2285 is the WP Activity Log Premium plugin for WordPress versions up to and including 4.5.0.
How can the WP Activity Log Premium plugin be fixed for CVE-2023-2285?
To fix CVE-2023-2285, users should update their WP Activity Log Premium plugin to a version higher than 4.5.0.
What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into submitting a malicious request, which can lead to unauthorized actions being performed on their behalf.

agent/references
agent/type
agent/softwarecombine
agent/severity
agent/author
agent/remedy
agent/weakness
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/wpwhitesecurity
canonical/melapress wp activity log
version/melapress wp activity log/4.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.