PT-2018-18597 · WordPress · Wp Security Audit Log

Colette Chamberland

Published

2018-04-04

Updated

2018-05-11

CVE-2018-8719

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WP Security Audit Log plugin version 3.1.1

Description An issue was discovered in the WP Security Audit Log plugin where access to files in the wp-content/uploads/wp-security-audit-log/* directory is not restricted. This allows these files to be indexed by search engines like Google, potentially exposing sensitive information to attackers.

Recommendations For WP Security Audit Log plugin version 3.1.1, consider restricting access to the wp-content/uploads/wp-security-audit-log/* directory to prevent sensitive information from being exposed.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2018-8719

Affected Products

Wp Security Audit Log

PT-2018-18597 · WordPress · Wp Security Audit Log

CVE-2018-8719

Weakness Enumeration

Related Identifiers

Affected Products

References · 3