CVE-2025-0767
- EPSS 0.14%
- Published 27.02.2025 19:15:49
- Last modified 21.05.2025 17:06:08
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.
CVE-2025-0924
- EPSS 10%
- Published 17.02.2025 05:15:09
- Last modified 23.05.2025 17:41:46
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unaut...
CVE-2024-10793
- EPSS 68.46%
- Published 15.11.2024 06:15:04
- Last modified 19.11.2024 21:13:22
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe...
CVE-2024-2018
- EPSS 0.4%
- Published 09.04.2024 19:15:24
- Last modified 06.05.2025 15:56:13
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
CVE-2023-50905
- EPSS 0.07%
- Published 29.02.2024 06:15:45
- Last modified 26.02.2025 15:14:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.