The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
NVD | CVE-2024-10793 | 15 Nov 202406:15 | – | nvd |
Vulnrichment | CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter | 15 Nov 202405:30 | – | vulnrichment |
Cvelist | CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter | 15 Nov 202405:30 | – | cvelist |
Patchstack | WordPress WP Activity Log Plugin <= 5.2.1 is vulnerable to Cross Site Scripting (XSS) | 14 Nov 202400:00 | – | patchstack |
CVE | CVE-2024-10793 | 15 Nov 202406:15 | – | cve |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024) | 21 Nov 202415:38 | – | wordfence |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo