Lucene search
K

421 matches found

Vulnrichment
Vulnrichment
added 2026/01/28 6:0 a.m.3 views

CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 6:0 a.m.5 views

EUVD-2025-206412

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.11 views

PT-2026-5057

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.12 views

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/01/19 7:25 p.m.20 views

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS0.00475EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.10 views

CVE-2023-4279

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

7.5CVSS6.6AI score0.0086EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4269

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...

4.3CVSS6.6AI score0.00427EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.5 views

CVE-2016-10891

The aryo-activity-log plugin before 2.3.3 for WordPress has XSS...

6.1CVSS6.9AI score0.01034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.14 views

CVE-2023-50905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1...

7.1CVSS7.6AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.9 views

CVE-2025-11877

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

7.5CVSS5.8AI score0.00335EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/09 8:33 a.m.277 views

Exploit for CVE-2025-11877

CVE-2025-11877 User Activity Log - Unauthenticated Limited...

7.5CVSS6.3AI score0.00335EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.8 views

CVE-2024-2018

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

8.8CVSS7.5AI score0.00876EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.7 views

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

7.5CVSS5.7AI score0.00335EPSS
Exploits1References2
CVE
CVE
added 2026/01/07 8:21 a.m.23 views

CVE-2025-11877

The CVE-2025-11877 issue affects WordPress User Activity Log versions up to 2.2. The vulnerability is in the failed-login handler (ual_shook_wp_login_failed), which lacks a capability check and writes failed usernames into update_option() calls. This allows unauthenticated attackers to push certa...

7.5CVSS5.8AI score0.00335EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/07 8:21 a.m.30 views

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

7.5CVSS0.00335EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/01/07 7:11 a.m.11 views

WordPress User Activity Log plugin <= 2.2 - Unauthenticated Limited Options Update via Failed Login vulnerability

Unauthenticated Limited Options Update via Failed Login vulnerability discovered by shark3y in WordPress Plugin User Activity Log versions = 2.2...

7.5CVSS6.8AI score0.00335EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.8 views

WordPress plugin User Activity Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.3AI score0.00335EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.14 views

PT-2026-1584

Name of the Vulnerable Software and Affected Versions User Activity Log plugin versions prior to and including 2.2 Description The User Activity Log plugin has an issue where the failed-login handler ual shook wp login failed does not perform a capability check. This allows unauthenticated...

7.5CVSS6.5AI score0.00335EPSS
Exploits1References7
CVE
CVE
added 2025/11/04 12:20 a.m.14 views

CVE-2025-46556

CVE-2025-46556 – MantisBT (Mantis Bug Tracker) Affected software: MantisBT up to version 2.27.1.Root cause: lack of server-side validation of note length allows extremely long notes to be submitted.Impact: permanently corrupts issue activity logs; the activity stream UI fails to render, preventin...

7.5CVSS6.3AI score0.00375EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder