Plainview · Plainview Activity Monitor · CVE-2018-15877
**Name of the Vulnerable Software and Affected Versions**
Plainview Activity Monitor plugin versions prior to 20180826
**Description**
The issue allows for OS command injection via shell metacharacters in the `ip` parameter of a "wp-admin/admin.php?page=plainview activity monitor&tab=activity tools" request.
**Recommendations**
For versions prior to 20180826, update the Plainview Activity Monitor plugin to version 20180826 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php?page=plainview activity monitor&tab=activity tools" endpoint to minimize the risk of exploitation. Avoid using the `ip` parameter in the affected request until the issue is resolved.