What the vulnerability does
01Description
Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Profiler plugin for WordPress does not properly check user permissions before allowing access to sensitive profiling data. An unauthenticated attacker can read and modify performance metrics and configuration without authorization. This affects all versions up to 1.0.0. Update to a version newer than 1.0.0 when available.
What an attacker can do
03Attacker Capabilities
Read and modify WordPress performance profiling data without logging in.
Potential impact on your site
04Site Impact
Attackers can view and alter site performance data, potentially exposing configuration details or disrupting monitoring.
Conditions required to exploit
05Prerequisites
Network access to the WordPress site; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 16, 2025
CVE published
April 28, 2026
Record updated