| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-0767 | WP Activity Log 5.3.2 - Insecure deserialization | Melapress | WP Activity Log | 中危 | - | 2025-02-27 18:14:53 | Deep Dive |
| CVE-2025-0924 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting | melapress | WP Activity Log | High | 7.2 | 2025-02-17 04:22:46 | Deep Dive |
| CVE-2025-24982 | WordPress plugin Activity Log WinterLock 跨站请求伪造漏洞 | SWIT | Activity Log WinterLock | 中危 | - | 2025-02-04 04:18:57 | Deep Dive |
| CVE-2025-24718 | WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | activity-log.com | WP Sessions Time Monitoring Full Automatic | High | 7.1 | 2025-01-31 08:24:42 | Deep Dive |
| CVE-2024-11913 | Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | buddydev | Activity Plus Reloaded for BuddyPress | Medium | 5.4 | 2025-01-24 13:40:57 | Deep Dive |
| CVE-2024-10788 | Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context | elemntor | Activity Log – Monitor & Record User Changes | High | 7.2 | 2024-11-21 05:33:50 | Deep Dive |
| CVE-2024-10793 | WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter | melapress | WP Activity Log | High | 7.2 | 2024-11-15 05:30:57 | Deep Dive |
| CVE-2024-37929 | WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability | solwin | User Activity Log Pro | Medium | 6.3 | 2024-11-01 14:18:10 | Deep Dive |
| CVE-2024-49681 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability | activity-log.com | WP Sessions Time Monitoring Full Automatic | Critical | 9.3 | 2024-10-24 12:09:17 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-0868 | coreActivity < 2.1 - Unauthenticated IP Spoofing | Unknown | coreActivity: Activity Logging plugin for WordPress | - | - | 2024-04-17 05:00:02 | Deep Dive |
| CVE-2024-32137 | WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability | Solwin | User Activity Log Pro | High | 8.5 | 2024-04-15 07:19:30 | Deep Dive |
| CVE-2024-31356 | WordPress User Activity Log plugin <= 1.8 - Auth. SQL Injection vulnerability | Solwin Infotech | User Activity Log | High | 7.6 | 2024-04-10 16:19:56 | Deep Dive |
| CVE-2024-2018 | WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection | wpwhitesecurity | WP Activity Log Premium | High | 8.8 | 2024-04-09 18:58:42 | Deep Dive |
| CVE-2023-50905 | WordPress WP Activity Log plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability | Melapress | WP Activity Log | High | 7.1 | 2024-02-29 05:35:15 | Deep Dive |
| CVE-2023-28694 | WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) | Wbcom Designs | Wbcom Designs – BuddyPress Activity Social Share | Medium | 5.4 | 2023-11-12 21:47:32 | Deep Dive |
| CVE-2022-45350 | WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection | Pär Thernström | Simple History – user activity log, audit tool | 高危 | - | 2023-11-07 15:05:07 | Deep Dive |
| CVE-2023-37966 | WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection | Solwin Infotech | User Activity Log | 超危 | - | 2023-10-31 14:57:14 | Deep Dive |
| CVE-2023-5133 | User Activity Log Pro < 2.3.4 - IP Spoofing | Unknown | user-activity-log-pro | 高危 | - | 2023-10-16 19:39:18 | Deep Dive |
| CVE-2023-5167 | User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent | Unknown | user-activity-log-pro | 中危 | - | 2023-10-16 19:39:01 | Deep Dive |