CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

420 matches found

LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

5.4CVSS5.8AI score0.00748EPSS

Exploits1References2

CVE•added 2 days ago•10 views

CVE-2026-56005

CVE-2026-56005 affects the WordPress plugin WP Activity Log (versions

7.1CVSS5.8AI score0.0023EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2026-39374

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS5.8AI score0.0023EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS0.0023EPSS

Exploits0References1

Positive Technologies•added 2 days ago•7 views

PT-2026-52425

Name of the Vulnerable Software and Affected Versions WP Activity Log versions prior to 5.6.3.2 Description A Cross-Site Scripting XSS issue exists that allows exploitation at the subscriber level. XSS is a flaw where malicious scripts are injected into trusted websites. Recommendations Update to...

7.1CVSS5.8AI score0.0023EPSS

Exploits0References4

Patchstack•added 2026/06/19 8:51 a.m.•5 views

WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3.1...

7.1CVSS5.8AI score0.0023EPSS

Exploits0Affected Software1

EUVD•added 2026/06/17 6:35 p.m.•10 views

EUVD-2026-37642

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00588EPSS

Exploits1References2

NVD•added 2026/06/17 1:20 p.m.•11 views

CVE-2026-54806

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS0.00588EPSS

Exploits1References1

CVE•added 2026/06/17 9:51 a.m.•50 views

CVE-2026-54806

Affected software: WordPress WP Activity Log plugin (vulnerable <= 5.6.3.1). Issue: unauthenticated PHP Object Injection. Root cause and technical specifics are not detailed in the provided documents beyond the vulnerability type. Impact metrics indicate a high-severity CVSS v3.1 score of 9.8 ...

9.8CVSS5.3AI score0.00588EPSS

Exploits1References1

Cvelist•added 2026/06/17 9:51 a.m.•32 views

CVE-2026-54806 WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS0.00588EPSS

Exploits1References1

Positive Technologies•added 2026/06/17 12:0 a.m.•13 views

PT-2026-50359

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00588EPSS

Exploits1References3

RedhatCVE•added 2026/06/05 7:33 p.m.•9 views

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

6.5CVSS5.4AI score0.00197EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:15 p.m.•9 views

CVE-2026-42673

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

7.5CVSS5.4AI score0.00245EPSS

Exploits0References1

NVD•added 2026/06/01 5:16 p.m.•13 views

CVE-2026-42673

7.5CVSS0.00245EPSS

Exploits0References1

CVE•added 2026/06/01 3:24 p.m.•23 views

CVE-2026-42673

CVE-2026-42673 concerns the WordPress plugin Logtivity (Activity Logs, User Activity Tracking, Multisite Activity Log). Affected versions are up to 3.3.6. The vulnerability is described as an Insertion of Sensitive Information Into Sent Data , enabling retrieval of embedded sensitive data from se...

7.5CVSS5.8AI score0.00245EPSS

Exploits0References1

Cvelist•added 2026/06/01 3:24 p.m.•28 views

CVE-2026-42673 WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

7.5CVSS0.00245EPSS

Exploits0References1

EUVD•added 2026/06/01 3:24 p.m.•11 views

EUVD-2026-33690

7.5CVSS5.8AI score0.00245EPSS

Exploits0References1

CNNVD•added 2026/06/01 12:0 a.m.•7 views

WordPress plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

7.5CVSS5.5AI score0.00245EPSS

Exploits0References1

CVE•added 2026/05/25 10:28 p.m.•19 views

CVE-2026-45435

CVE-2026-45435 : A DOM-based XSS vulnerability affects the WordPress WP Activity Log plugin, specifically versions up to 5.6.3. The issue is described as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) in Melapress WP Activity Log, enabling DOM-based XSS. The...

6.5CVSS5.8AI score0.00197EPSS

Exploits0References1

Cvelist•added 2026/05/25 10:28 p.m.•20 views

CVE-2026-45435 WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00197EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by