CVE-2026-3569

Name of the Vulnerable Software and Affected Versions Liaison Site Prober versions prior to 1.2.2

Description The plugin is subject to information exposure through the '/wp-json/site-prober/v1/logs' REST API endpoint. The permissions read() permission callback uses return true(), which unconditionally grants access instead of verifying user capabilities. This allows unauthenticated attackers to access sensitive audit log data, including IP addresses, user IDs, usernames, login/logout events, failed login attempts, and activity descriptions.

Recommendations Update the plugin to a version later than 1.2.1. As a temporary workaround, restrict access to the '/wp-json/site-prober/v1/logs' endpoint to minimize the risk of exploitation.