5 matches found
CVE-2023-50905
CVE-2023-50905 is a stored XSS in the WordPress plugin WP Activity Log (Melapress) affecting versions up to 4.6.1. The root cause is improper neutralization of input during web page generation. Consequences include stored JavaScript execution if an attacker injects payload into the vulnerable fie...
CVE-2025-0924
CVE-2025-0924 (WP Activity Log) : Stored XSS via the message parameter in all WordPress WP Activity Log versions up to 5.2.2. Exploitation does not require authentication. Root cause: insufficient input sanitization and output escaping. Impact: injected scripts run when users view the page. A fix...
CVE-2024-10793
CVE-2024-10793 affects the WP Activity Log WordPress plugin (versions
CVE-2024-2018
CVE-2024-2018 affects the WP Activity Log Premium plugin for WordPress. The vulnerability is an SQL Injection via entry->roles in all versions up to 4.6.4, caused by insufficient escaping of the user-supplied parameter and insufficient preparation of the SQL query. This can enable authenticate...
CVE-2025-0767
CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...