EUVD-2026-15606

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

CVE-2026-24987

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...

PT-2026-27876

Name of the Vulnerable Software and Affected Versions WP System Log versions through 1.2.7 Description An authorization issue exists in activity-log.com WP System Log winterlock. This allows exploitation of incorrectly configured access control security levels. Recommendations Update WP System Lo...

EUVD-2025-4002

Malicious code in bioql PyPI...

CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...

CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

CVE-2025-24982

The CVE-2025-24982 affects the WordPress plugin Activity Log WinterLock, specifically versions prior to 1.2.5. The vulnerability is a Cross‑Site Request Forgery (CSRF) that can cause log data to be deleted when a logged‑in user views a malicious page. No root cause details beyond CSRF are provide...

CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...

PT-2025-5613 · Unknown · Activity Log Winterlock

Name of the Vulnerable Software and Affected Versions: Activity Log WinterLock versions prior to 1.2.5 Description: A cross-site request forgery issue exists. If a user views a malicious page while logged in, the log data may be deleted. Recommendations: For versions prior to 1.2.5, update to...

WordPress plugin Activity Log WinterLock 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists ...