119 matches found
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
CVE-2025-13471 affects the WordPress plugin User Activity Log (
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
EUVD-2025-206412
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
WordPress plugin User Activity Log security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5057
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2023-4279
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2023-4269
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses...
CVE-2025-11877
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...
Exploit for CVE-2025-11877
CVE-2025-11877 User Activity Log - Unauthenticated Limited...
CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...
CVE-2025-11877
The CVE-2025-11877 issue affects WordPress User Activity Log versions up to 2.2. The vulnerability is in the failed-login handler (ual_shook_wp_login_failed), which lacks a capability check and writes failed usernames into update_option() calls. This allows unauthenticated attackers to push certa...
CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...
WordPress User Activity Log plugin <= 2.2 - Unauthenticated Limited Options Update via Failed Login vulnerability
Unauthenticated Limited Options Update via Failed Login vulnerability discovered by shark3y in WordPress Plugin User Activity Log versions = 2.2...
WordPress plugin User Activity Log 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2026-1584
Name of the Vulnerable Software and Affected Versions User Activity Log plugin versions prior to and including 2.2 Description The User Activity Log plugin has an issue where the failed-login handler ual shook wp login failed does not perform a capability check. This allows unauthenticated...
EUVD-2023-44099
Malicious code in bioql PyPI...