Lucene search
K

421 matches found

CVE
CVE
added 2026/02/14 8:26 a.m.10 views

CVE-2026-1843

The CVE-2026-1843 is for the WordPress plugin “Super Page Cache.” All versions up to and including 5.2.2 are vulnerable to Stored Cross-Site Scripting via the Activity Log due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts...

7.2CVSS5.7AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/14 8:26 a.m.28 views

CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS0.0019EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/14 5:18 a.m.6 views

WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin WP Activity Log versions = 5.5.4...

6.5CVSS5.4AI score0.00156EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.8 views

PT-2026-8100

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS5.7AI score0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 1:22 p.m.8 views

CVE-2026-1671

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2026/02/12 1:15 p.m.5 views

CVE-2026-1671

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

6.5CVSS0.00287EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:31 p.m.4 views

CVE-2026-1671

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/12 12:31 p.m.27 views

CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

6.5CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 12:31 p.m.3 views

CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 12:31 p.m.15 views

CVE-2026-1671

The CVE concerns the WordPress Activity Log plugin for WordPress. A missing capability check in winter_activity_log_action() affects all versions up to and including 1.2.8, allowing authenticated users with Subscriber-level access or higher to view potentially sensitive data stored in exposed log...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.9 views

PT-2026-7839

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter activity log action function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level acce...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

WordPress plugin Activity Log for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.3 views

PT-2026-6505

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...

8.3CVSS5.4AI score0.00475EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2022-50940

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

6.4CVSS6.1AI score0.00301EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.6 views

PT-2026-5567

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

6.4CVSS6.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.7 views

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 6:15 a.m.4 views

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.3CVSS0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:0 a.m.3 views

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 6:0 a.m.30 views

CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 6:0 a.m.2 views

CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder