CVE-2025-0767
- EPSS 0.14%
- Veröffentlicht 27.02.2025 19:15:49
- Zuletzt bearbeitet 21.05.2025 17:06:08
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.
CVE-2025-0924
- EPSS 10%
- Veröffentlicht 17.02.2025 05:15:09
- Zuletzt bearbeitet 23.05.2025 17:41:46
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unaut...
CVE-2024-10793
- EPSS 68.46%
- Veröffentlicht 15.11.2024 06:15:04
- Zuletzt bearbeitet 19.11.2024 21:13:22
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe...
CVE-2024-2018
- EPSS 0.4%
- Veröffentlicht 09.04.2024 19:15:24
- Zuletzt bearbeitet 06.05.2025 15:56:13
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
CVE-2023-50905
- EPSS 0.07%
- Veröffentlicht 29.02.2024 06:15:45
- Zuletzt bearbeitet 26.02.2025 15:14:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.