CVE-2018-15877

Name of the Vulnerable Software and Affected Versions Plainview Activity Monitor plugin versions prior to 20180826

Description The issue allows for OS command injection via shell metacharacters in the ip parameter of a "wp-admin/admin.php?page=plainview activity monitor&tab=activity tools" request.

Recommendations For versions prior to 20180826, update the Plainview Activity Monitor plugin to version 20180826 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php?page=plainview activity monitor&tab=activity tools" endpoint to minimize the risk of exploitation. Avoid using the ip parameter in the affected request until the issue is resolved.