CVE-2023-4150

Published: Aug 30, 2023Modified: Apr 23, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

Affected (1)

Products: Mooveagency: User Activity Tracking And Log

Mooveagency

1 product

User Activity Tracking And Log

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mooveagency User Activity Tracking And Log	Before 4.0.9

References (2)

https://wpscan.com/vulnerability/381ef15b-aafe-4ef4-a0bc-867d891f7f44

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/381ef15b-aafe-4ef4-a0bc-867d891f7f44

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.