421 matches found
CVE-2026-1843
The CVE-2026-1843 is for the WordPress plugin “Super Page Cache.” All versions up to and including 5.2.2 are vulnerable to Stored Cross-Site Scripting via the Activity Log due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts...
CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin WP Activity Log versions = 5.5.4...
PT-2026-8100
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671
The CVE concerns the WordPress Activity Log plugin for WordPress. A missing capability check in winter_activity_log_action() affects all versions up to and including 1.2.8, allowing authenticated users with Subscriber-level access or higher to view potentially sensitive data stored in exposed log...
PT-2026-7839
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter activity log action function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level acce...
WordPress plugin Activity Log for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-6505
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...
CVE-2022-50940
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
PT-2026-5567
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...