The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)CreditsAlex Tselevich (nos3curity)WPScanReferenceshttps://wpscan.com/vulnerability/cc8743f5-b1b9-4f88-b440-db044034bbfc/
