Wp Activity Log

CVEs (8)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2020-36716	WordPress Wp Activity Log	Hig	0.47	7.3	0.01	Jun 7, 2023	The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been…
CVE-2023-50905	Melapress Wp Activity Log	Hig	0.46	7.1	0.00	Feb 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.
CVE-2023-2286	WordPress Wp Activity Log	Med	0.28	4.3	0.00	Jun 9, 2023	The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this…
CVE-2023-2261	WordPress Wp Activity Log	Med	0.28	4.3	0.01	Jun 9, 2023	The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher,…
CVE-2024-10793	WordPress Wp Activity Log		0.05	—	0.01	Nov 15, 2024	The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…
CVE-2026-54806	WordPress Wp Activity Log		0.00	—	—	Jun 17, 2026	Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2025-0924	WordPress Wp Activity Log		0.00	—	0.01	Feb 17, 2025	The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
CVE-2024-10788	WordPress Wp Activity Log		0.00	—	0.01	Nov 21, 2024	The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for…

CVE-2020-36716HigJun 7, 2023
WordPress
Wp Activity Log
risk 0.47cvss 7.3epss 0.01
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been…
CVE-2023-50905HigFeb 29, 2024
Melapress
Wp Activity Log
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.
CVE-2023-2286MedJun 9, 2023
WordPress
Wp Activity Log
risk 0.28cvss 4.3epss 0.00
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this…
CVE-2023-2261MedJun 9, 2023
WordPress
Wp Activity Log
risk 0.28cvss 4.3epss 0.01
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher,…
CVE-2024-10793Nov 15, 2024
WordPress
Wp Activity Log
risk 0.05cvss —epss 0.01
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…
CVE-2026-54806Jun 17, 2026
WordPress
Wp Activity Log
risk 0.00cvss —epss —
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2025-0924Feb 17, 2025
WordPress
Wp Activity Log
risk 0.00cvss —epss 0.01
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
CVE-2024-10788Nov 21, 2024
WordPress
Wp Activity Log
risk 0.00cvss —epss 0.01
The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for…