Lucene search
K
MelapressWp Activity Log

5 matches found

CVE
CVE
added 2024/02/29 5:35 a.m.106 views

CVE-2023-50905

CVE-2023-50905 is a stored XSS in the WordPress plugin WP Activity Log (Melapress) affecting versions up to 4.6.1. The root cause is improper neutralization of input during web page generation. Consequences include stored JavaScript execution if an attacker injects payload into the vulnerable fie...

7.1CVSS7.6AI score0.00331EPSS
CVE
CVE
added 2025/02/17 4:22 a.m.96 views

CVE-2025-0924

CVE-2025-0924 (WP Activity Log) : Stored XSS via the message parameter in all WordPress WP Activity Log versions up to 5.2.2. Exploitation does not require authentication. Root cause: insufficient input sanitization and output escaping. Impact: injected scripts run when users view the page. A fix...

7.2CVSS6.1AI score0.01269EPSS
CVE
CVE
added 2024/11/15 5:30 a.m.92 views

CVE-2024-10793

CVE-2024-10793 affects the WP Activity Log WordPress plugin (versions

7.2CVSS5.9AI score0.01293EPSS
Web
CVE
CVE
added 2024/04/09 6:58 p.m.63 views

CVE-2024-2018

CVE-2024-2018 affects the WP Activity Log Premium plugin for WordPress. The vulnerability is an SQL Injection via entry->roles in all versions up to 4.6.4, caused by insufficient escaping of the user-supplied parameter and insufficient preparation of the SQL query. This can enable authenticate...

8.8CVSS8.6AI score0.00876EPSS
CVE
CVE
added 2025/02/27 6:14 p.m.45 views

CVE-2025-0767

CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...

9.8CVSS6.5AI score0.00434EPSS