CVE-2018-8719

MEDIUM NUCLEI

WP Security Audit Log <3.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8719. PoCs published by Colette Chamberland. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in the WP Security Audit Log WordPress plugin. The vulnerability allows attackers to access sensitive user information via unprotected directories indexed by search engines.

Description

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.

Exploits (1)

exploitdb WRITEUP
by Colette Chamberland · textwebappsphp
https://www.exploit-db.com/exploits/44371

This is a writeup describing an information disclosure vulnerability in the WP Security Audit Log WordPress plugin. The vulnerability allows attackers to access sensitive user information via unprotected directories indexed by search engines.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WP Security Audit Log Plugin <= 3.1.1
No auth needed
Prerequisites: Access to the target WordPress site · Google or other search engine indexing the vulnerable directories
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress WP Security Audit Log 3.1.1 - Information Disclosure
MEDIUMby LogicalHunter

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44371/

Scores

CVSS v3 5.3
EPSS 0.1578
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
wpsecurityauditlog/wp_security_audit_log 3.1.1
Published Apr 04, 2018
Tracked Since Feb 18, 2026