VYPR

User Activity Log

by Solwininfotech

CVEs (4)

  • CVE-2025-11877HigJan 7, 2026
    risk 0.49cvss 7.5epss 0.00

    The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for…

  • CVE-2023-37966HigOct 31, 2023
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.

  • CVE-2024-37929MedNov 1, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

  • CVE-2025-13471MedJan 28, 2026
    risk 0.34cvss 5.3epss 0.00

    The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)