CVE-2023-4269

Name of the Vulnerable Software and Affected Versions User Activity Log WordPress plugin versions prior to 1.6.6

Description The issue is related to a lack of proper authorization in the User Activity Log WordPress plugin, allowing any authenticated users to export activity logs and retrieve personally identifiable information (PII) such as email addresses.

Recommendations For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the activity log export feature to minimize the risk of exploitation.