Activity Log
Monthly
The Activity Log - Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Activity Log Plugin and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The Activity Log - Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Activity Log Plugin and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.