CVE-2026-24987

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

CVE-2026-24987

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

WordPress plugin WP System Log 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Activity Log for WordPress plugin <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File vulnerability

Missing Authorization to Sensitive Information Exposure via Log File vulnerability discovered by WordFence in WordPress Plugin WP System Log versions = 1.2.8...

CVE-2025-57916 WordPress WP System Information Plugin <= 1.5 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information wp-system-info allows Retrieve Embedded Sensitive Data.This issue affects WP System Information: from n/a through = 1.5...

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

CVE-2024-12003 WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generatewpsystempagecontent function. This makes it possible for unauthenticated attackers to inject malicious we...

CVE-2024-12003 WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generatewpsystempagecontent function. This makes it possible for unauthenticated attackers to inject malicious we...

WordPress plugin WP System 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

CVE-2021-24756

The WP System Log plugin (WordPress) before version 1.0.21 does not sanitize, validate, or escape the IP address parsed from login requests, allowing an unauthenticated attacker to trigger Cross‑Site Scripting in admins viewing the Activity/Log dashboard. A fix is to upgrade to 1.0.21 or newer (r...