Unrated severityNVD Advisory· Published May 15, 2025· Updated Nov 13, 2025

coreActivity < 1.8.1 - Unauthenticated Stored XSS

CVE-2024-0852

Description

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

Affected products

WordPress/coreActivity: Activity Logging for WordPressdescription
WordPress/Coreactivityllm-fuzzy
Range: <1.8.1
Package: https://wordpress.org/plugins/coreactivity

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000