| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24987 | WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability | activity-log.com | WP System Log | Medium | 6.5 | 2026-03-25 16:14:36 | Deep Dive |
| CVE-2026-32362 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Control vulnerability | activity-log.com | WP Sessions Time Monitoring Full Automatic | 中危 | - | 2026-03-13 11:42:05 | Deep Dive |
| CVE-2026-25331 | WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability | Melapress | WP Activity Log | - | - | 2026-02-19 08:26:57 | Deep Dive |
| CVE-2026-1671 | Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File | switcorp | Activity Log for WordPress | Medium | 6.5 | 2026-02-12 12:31:50 | Deep Dive |
| CVE-2025-13471 | User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update | Unknown | User Activity Log | - | - | 2026-01-28 06:00:04 | Deep Dive |
| CVE-2025-11877 | User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login | solwininfotech | User Activity Log | High | 7.5 | 2026-01-07 08:21:50 | Deep Dive |
| CVE-2025-48339 | WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability | activity-log.com | Profiler - What Slowing Down Your WP | Medium | 6.5 | 2025-07-16 11:28:01 | Deep Dive |
| CVE-2024-0970 | User Activity Tracking and Log < 4.1.4 - IP Spoofing | Unknown | User Activity Tracking and Log | - | - | 2025-05-15 20:09:33 | Deep Dive |
| CVE-2023-6030 | LogDash Activity Log < 1.1.4 - Unauthenticated SQLi | Unknown | LogDash Activity Log | - | - | 2025-05-15 20:09:05 | Deep Dive |
| CVE-2025-0767 | WP Activity Log 5.3.2 - Insecure deserialization | Melapress | WP Activity Log | 中危 | - | 2025-02-27 18:14:53 | Deep Dive |
| CVE-2025-0924 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting | melapress | WP Activity Log | High | 7.2 | 2025-02-17 04:22:46 | Deep Dive |
| CVE-2025-24982 | WordPress plugin Activity Log WinterLock 跨站请求伪造漏洞 | SWIT | Activity Log WinterLock | 中危 | - | 2025-02-04 04:18:57 | Deep Dive |
| CVE-2025-24718 | WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | activity-log.com | WP Sessions Time Monitoring Full Automatic | High | 7.1 | 2025-01-31 08:24:42 | Deep Dive |
| CVE-2024-10788 | Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context | elemntor | Activity Log – Monitor & Record User Changes | High | 7.2 | 2024-11-21 05:33:50 | Deep Dive |
| CVE-2024-10793 | WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter | melapress | WP Activity Log | High | 7.2 | 2024-11-15 05:30:57 | Deep Dive |
| CVE-2024-37929 | WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability | solwin | User Activity Log Pro | Medium | 6.3 | 2024-11-01 14:18:10 | Deep Dive |
| CVE-2024-49681 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability | activity-log.com | WP Sessions Time Monitoring Full Automatic | Critical | 9.3 | 2024-10-24 12:09:17 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-32137 | WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability | Solwin | User Activity Log Pro | High | 8.5 | 2024-04-15 07:19:30 | Deep Dive |
| CVE-2024-31356 | WordPress User Activity Log plugin <= 1.8 - Auth. SQL Injection vulnerability | Solwin Infotech | User Activity Log | High | 7.6 | 2024-04-10 16:19:56 | Deep Dive |