Medium severity5.3NVD Advisory· Published Jan 28, 2026· Updated Apr 15, 2026
CVE-2025-13471
CVE-2025-13471
Description
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.2
- Range: <=2.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.