CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

6.5CVSS5.4AI score0.00034EPSS

Exploits0References1

Vulnrichment•added 2026/05/25 10:28 p.m.•7 views

CVE-2026-45435 WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.8AI score0.00034EPSS

Exploits0References1

Cvelist•added 2026/05/25 10:28 p.m.•18 views

CVE-2026-45435 WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00034EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:26 a.m.•4 views

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

5.5AI score0.00045EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 8:59 a.m.•7 views

CVE-2023-50905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1...

7.1CVSS7.6AI score0.0007EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:9 a.m.•5 views

CVE-2024-2018

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

8.8CVSS7.5AI score0.00549EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-24158

Malware in sbrugna...

7.3CVSS7.4AI score0.00323EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-55638

Malicious code in bioql PyPI...

7.1CVSS7.5AI score0.0007EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-5996

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.00211EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 3:16 a.m.•1 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

4.3CVSS5.1AI score0.00088EPSS

Exploits0References1

RedhatCVE•added 2025/03/01 6:25 p.m.•14 views

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

9.8CVSS6.8AI score0.00211EPSS

Exploits0References4

NVD•added 2025/02/27 7:15 p.m.•9 views

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

9.8CVSS0.00211EPSS

Exploits0References2

Vulnrichment•added 2025/02/27 6:14 p.m.•6 views

CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

6.3CVSS6.5AI score0.00211EPSS

Exploits0References2

Cvelist•added 2025/02/27 6:14 p.m.•11 views

CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

6.3CVSS0.00211EPSS

Exploits0References2

CVE•added 2025/02/27 6:14 p.m.•36 views

CVE-2025-0767

CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...

9.8CVSS6.5AI score0.00211EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/02/27 12:0 a.m.•2 views

PT-2025-8980 · Unknown · Wp Activity Log

Name of the Vulnerable Software and Affected Versions: WP Activity Log version 5.3.2 Description: The issue arises from unvalidated user input being used directly in an unserialize function. This is located in the myapp/classes/Writers/class-csv-writer.php file. Recommendations: For WP Activity L...

9.8CVSS9.2AI score0.00211EPSS

Exploits0References9

RedhatCVE•added 2025/02/19 5:19 a.m.•7 views

CVE-2025-0924

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS8AI score0.0845EPSS

Exploits0References1

Vulnrichment•added 2025/02/17 4:22 a.m.•23 views

CVE-2025-0924 WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting

7.2CVSS6.1AI score0.0845EPSS

Exploits0References5

Cvelist•added 2025/02/17 4:22 a.m.•16 views

CVE-2025-0924 WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting

7.2CVSS0.0845EPSS

Exploits0References5

Positive Technologies•added 2025/02/17 12:0 a.m.•4 views

PT-2025-6813 · WordPress · Wp Activity Log

Name of the Vulnerable Software and Affected Versions: WP Activity Log plugin for WordPress versions up to, and including, 5.2.2 Description: The issue is related to Stored Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...

7.2CVSS8.1AI score0.0845EPSS

Exploits0References17

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by