WordPress Security Vulnerability WP Security Audit Log < 4.0.2
https://blog.nintechnet.comThe WP Security Audit Log WordPress plugin has 100,000+ active installations and can be used to keep an activity log of everything that happens on your WordPress site. In version 4.0.2 and below, there is a vulnerability that could be triggered by anyone, even an unauthenticated user. The user can run the wizard (as long as the wizard was not completed previously) simply by accessing wp-admin/admin-post.php?page=wsal-setup and possibly configure a large set of options, among them the possibility to exclude users, user roles or IP addresses from being written to the pluginโs activity log.
The issue has been fixed in Version 4.0.2 which is available now from the WordPress Plugin Repo.