{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1671", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-30T00:45:01.261Z", "datePublished": "2026-02-12T12:31:50.364Z", "dateUpdated": "2026-04-08T16:55:44.269Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:44.269Z"}, "affected": [{"vendor": "switcorp", "product": "Activity Log for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files."}], "title": "Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cec4c17-24c1-4ed3-a3d3-9404ad7af420?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3459369/winterlock"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "timeline": [{"time": "2026-01-31T15:34:53.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-11T23:45:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T14:15:32.297364Z", "id": "CVE-2026-1671", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T14:15:56.801Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1671", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-12T14:15:32.297364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T14:15:36.226Z"}}], "cna": {"title": "Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "switcorp", "product": "Activity Log for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-31T15:34:53.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-11T23:45:46.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cec4c17-24c1-4ed3-a3d3-9404ad7af420?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3459369/winterlock"}], "descriptions": [{"lang": "en", "value": "The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:44.269Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1671", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:55:44.269Z", "dateReserved": "2026-01-30T00:45:01.261Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-12T12:31:50.364Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files."}, {"lang": "es", "value": "El plugin Activity Log for WordPress para WordPress es vulnerable a acceso no autorizado a datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n winter_activity_log_action() en todas las versiones hasta la 1.2.8, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, vean informaci\u00f3n potencialmente sensible (por ejemplo, la contrase\u00f1a de un usuario de nivel superior, como un administrador) contenida en los archivos de registro expuestos."}], "id": "CVE-2026-1671", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-12T13:15:49.880", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3459369/winterlock"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cec4c17-24c1-4ed3-a3d3-9404ad7af420?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "activity_log_for_wordpress", "vendor": "switcorp"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T20:45:18.145272+00:00", "value": {"mitigation_remediation": ["Update the Activity Log for WordPress plugin to the latest version that includes the missing capability check (any release after 1.2.8).", "If an update is not immediately possible, modify the plugin (or use a code snippet) to restrict the winter_activity_log_action() endpoint so that only users with Administrator capability can execute it.", "Delete any existing log files that may contain sensitive data to remove already exposed credentials."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "Switcorp Activity Log for WordPress plugin versions 1.2.8 and any earlier release are affected. The issue is present in all builds up to and including 1.2.8.", "description_and_impact": "The vulnerability resides in the winter_activity_log_action() function of the Activity Log for WordPress plugin, where a missing capability check allows an attacker to read log files. An authenticated user with Subscriber level or higher can trigger this function and obtain content that may contain sensitive data such as the passwords of higher\u2011privilege users. This flaw therefore enables credential disclosure and potential escalation of privilege for an authenticated attacker.", "risk_and_exploitability": "The vulnerability has a severity score of 6.5, indicating moderate risk, while the likelihood of exploitation is low, with a probability estimate below 1%. The attack requires an authenticated user with a Subscriber role or higher to trigger the action and read the log file. No additional privileges or special setup are needed, so any site running the vulnerable plugin can be impacted. The vulnerability is not listed in the national known exploited vulnerability catalog."}}}}, "created": "2026-02-13T21:35:43.274032+00:00", "updated": "2026-04-15T21:00:09.929099+00:00", "vendors": ["switcorp", "switcorp$PRODUCT$activity_log_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}