Medium severity6.1OSV Advisory· Published Mar 15, 2018· Updated Jun 17, 2026
CVE-2018-8729
CVE-2018-8729
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2.1.10, 2.1.11, 2.1.12, …
- Range: <2.4.1
Patches
Vulnerability mechanics
References
5- github.com/pojome/activity-log/commit/950c46b2290c991187ff3471640e9688b16908fbnvdPatchThird Party Advisory
- github.com/pojome/activity-log/commit/e7bcd12fcb0add82bed762a971f427a360664bd9nvdPatchRelease NotesThird Party Advisory
- plugins.trac.wordpress.org/changeset/1836276nvdPatchThird Party Advisory
- www.exploit-db.com/exploits/44437/nvdExploitThird Party AdvisoryVDB Entry
- wordpress.org/plugins/aryo-activity-log/nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.