Skip to main content

Activity Log

5 CVEs product

Monthly

CVE-2024-10788 HIGH This Week

The Activity Log - Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Activity Log
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-4281 MEDIUM POC This Month

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activity Log
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-3941 MEDIUM POC This Month

A vulnerability has been found in Activity Log Plugin and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Activity Log
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-27858 CRITICAL Act Now

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress Activity Log
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2018-8729 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Activity Log
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.6%
EPSS 1% CVSS 7.2
HIGH This Week

The Activity Log - Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Activity Log
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activity Log
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in Activity Log Plugin and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Activity Log
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress Activity Log
NVD
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Activity Log
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy