CVE-2018-8719
Published 2018-04-04
Priority: P3 · 44 · medium · 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 15.78% (96.5th percentile)
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google, which allows attackers to possibly find sensitive information.
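A site owner can check their own web server access logs for requests under this directory that were actually served, including by search-engine crawlers. The script below is an added example, not code from the advisory or the plugin; it assumes Combined Log Format, and the log lines, IP addresses and the file name `example-file.log` are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Directory named in the advisory (relative to the web root).
EXPOSED_DIR = "/wp-content/uploads/wp-security-audit-log"
SERVED = {"200", "206"}  # statuses that mean file content was returned

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
CRAWLER_RE = re.compile(r"googlebot|bingbot|crawl|spider", re.I)


def find_exposures(lines):
    """Return requests where content under EXPOSED_DIR was served to a client."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] not in SERVED:
            continue
        # Drop the query string, decode %xx escapes and collapse ./ and ../
        # so encoded or padded variants of the path are still matched.
        path = posixpath.normpath(unquote(m["path"].split("?", 1)[0]))
        if path == EXPOSED_DIR or path.startswith(EXPOSED_DIR + "/"):
            hits.append({
                "ip": m["ip"],
                "time": m["time"],
                "path": path,
                "status": int(m["status"]),
                "crawler": bool(CRAWLER_RE.search(m["agent"])),
            })
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Mar/2018:10:00:00 +0000] "GET /wp-content/uploads/wp-security-audit-log/example-file.log HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.9 - - [30/Mar/2018:10:01:00 +0000] "GET /wp-content/uploads/wp-security-audit-log/ HTTP/1.1" 403 199 "-" "curl/7.58.0"',
    '198.51.100.23 - - [30/Mar/2018:10:02:00 +0000] "GET /wp-content/uploads/2018/03/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [30/Mar/2018:10:03:00 +0000] "GET /wp-content/uploads/%77p-security-audit-log/example-file.log?x=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(hit)
```

Any hit means the directory is reachable without authentication; a hit flagged as a crawler suggests the files may already be in a search index.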
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpsecurityauditlog | wp_security_audit_log | — | — |
CVSS provenance
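| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |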
No detection rules found.
Exploit-DB
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
exploitdb·2018-03-30·CVSS 5.3
CVE-2018-8719 [MEDIUM] WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
---
# Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure
CheckDirectory( $user_upload_path ) ) {
    wp_mkdir_p( $user_upload_path );
}
Nuclei
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
nuclei·CVSS 5.3
CVE-2018-8719 [MEDIUM] WordPress WP Security Audit Log 3.1.1 - Information Disclosure
WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2018-8719
info:
  name: WordPress WP Security Audit Log 3.1.1 - Information Disclosure
  author: LogicalHunter
  severity: medium
  description: |
    WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerabi
No writeups or analysis indexed.
2018-04-04: Published