Wp Activity Log Security Vulnerabilities and Issues — Wp Activity Log CVE List

Lucene search

MelapressWp Activity Log

5 matches found

CVE•added 2024/02/29 6:15 a.m.•88 views

CVE-2023-50905

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.

7.1CVSS7AI score0.0007EPSS

CVE•added 2025/02/17 5:15 a.m.•69 views

CVE-2025-0924

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scri...

7.2CVSS6.1AI score0.09043EPSS

CVE•added 2024/11/15 6:15 a.m.•65 views

CVE-2024-10793

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS5.9AI score0.5385EPSS

CVE•added 2024/04/09 7:15 p.m.•44 views

CVE-2024-2018

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possi...

8.8CVSS8.6AI score0.00219EPSS

CVE•added 2025/02/27 7:15 p.m.•26 views

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.

9.8CVSS6.5AI score0.00106EPSS