Liaison Site Prober WordPress Plugin Information Exposure Vulnerability
Vulnerability
A vulnerability allowing information exposure has been identified in the Liaison Site Prober plugin for WordPress, affecting all versions up to and including 1.2.1. The issue arises in the '/wp-json/site-prober/v1/logs' REST API endpoint, where the permission callback 'permissions_read()' incorrectly allows access without proper capability checks. This flaw enables unauthenticated users to access sensitive audit log information, such as IP addresses, user IDs, usernames, login and logout activities, failed login attempts, and detailed descriptions of user actions.
Impact
Exploitation of this vulnerability allows unauthenticated users to access sensitive audit log data, potentially leading to privacy violations and unauthorized disclosure of user activity information.
Remediation
Users can update to version 1.2.2 or a newer patched version to address this vulnerability.
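For developers auditing their own REST routes for the same class of flaw, the following added example (not code from Liaison Site Prober or from this advisory) shows a permission callback that never checks the caller beside a capability-checked one. The advisory does not show the plugin's code, so the `example-audit/v1` namespace, the `example_*` function names, the "always returns true" form of the weak callback, and the choice of `manage_options` as the required capability are all assumptions made for illustration.

```php
<?php
/*
 * Plugin Name: Example Audit Log Route (illustrative only)
 * Hypothetical plugin; every example_* name below is invented for this example.
 */

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-audit/v1', '/logs', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_logs',
        // Swapping in example_permissions_read_weak here reproduces the
        // class of flaw described above: the route answers anonymous callers.
        'permission_callback' => 'example_permissions_read_hardened',
    ) );
} );

// Weak pattern (assumed form): nothing about the caller is checked, so
// WordPress treats every request, logged in or not, as authorized.
function example_permissions_read_weak( WP_REST_Request $request ) {
    return true;
}

// Hardened pattern: require an administrative capability before any
// audit data is returned. Assumption: only administrators may read logs.
function example_permissions_read_hardened( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'You are not allowed to read audit logs.', 'example-audit' ),
            // 401 for anonymous callers, 403 for logged-in users lacking the capability.
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Route handler returning a constructed sample row with the kinds of
// fields the advisory lists (IP address, user ID, username, action).
function example_get_logs( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        array(
            'ip'       => '203.0.113.10', // documentation-range address
            'user_id'  => 1,
            'username' => 'sample-admin',
            'action'   => 'login_failed',
        ),
    ) );
}
```

With the hardened callback registered, a request without valid credentials receives a `rest_forbidden` error instead of log rows, which is the behavior to confirm on a test site after updating.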
