CVE-2026-3569

CVSS v3.1

5.3

Medium

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions read() permission callback unconditionally returns true (via return true()) instead of checking for appropriate capabilities. This makes it possible for unauthenticated attackers to retrieve sensitive audit log data including IP addresses, user IDs, usernames, login/logout events, failed login attempts, and detailed activity descriptions.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-3569

Affected Products

Liaison Site Prober

CVE-2026-3569

Weakness Enumeration

Related Identifiers

Affected Products

References · 9