PT-2024-16747 · WordPress · Wp Log Viewer

Tieu Pham Trong Nhan +1 · Published 2024-11-15 · Updated 2024-11-18 · CVE-2024-11085

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WP Log Viewer plugin for WordPress, versions up to and including 1.2.1.

Description: The issue is unauthorized use of functionality caused by a missing capability check on several AJAX actions. It allows authenticated attackers with Subscriber-level access and above to access logs and to update plugin-related user settings and general plugin settings.

Recommendations: For versions up to and including 1.2.1, update to a version above 1.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2024-11085

Affected Products: Wp Log Viewer