WordPress plugin WP Activity Log 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3...

CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WP System Log versions = 1.2.7...

CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

CVE-2026-1671

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

MAL-2025-192759 Malicious code in start-log-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5bc70fc220a38dd997887f438e9a6d5afb70cf1d30dd8b95a664e013a7309e The package start-log-plugin was found to contain malicious code. Source: ghsa-malware 3ef7e02e352e8d339add82817454f490a0e4588fffb1dcafa53cc0136f4e9d...

EUVD-2025-204872

Malicious code in start-log-plugin npm...

Malicious Package

Overview start-log-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in start-log-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5bc70fc220a38dd997887f438e9a6d5afb70cf1d30dd8b95a664e013a7309e The package start-log-plugin was found to contain malicious code. Source: ghsa-malware 3ef7e02e352e8d339add82817454f490a0e4588fffb1dcafa53cc0136f4e9d...

EUVD-2015-9184

Malware in sbrugna...

EUVD-2021-11836

Malware in sbrugna...

EUVD-2021-11670

Malware in sbrugna...

EUVD-2022-7371

Malicious code in bioql PyPI...

EUVD-2023-57422

Malicious code in bioql PyPI...

EUVD-2024-16650

Malicious code in bioql PyPI...

EUVD-2025-17070

Malicious code in bioql PyPI...

EUVD-2022-43275

Malicious code in bioql PyPI...

CVE-2025-9627

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

CVE-2025-9627

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...