Vulnerabilities and security researches foractivitytime activitytime

Jun 07, 2024

CVE, Research URL: 76a74682b99be3aa86e9f28c3b54b69fec893a21
Home page URL: Security reports for WP Sessions Time Monitoring Full Automatic
Application: WP Sessions Time Monitoring Full Automatic
Date: Feb 28, 2022
Research Description: WP Sessions Time Monitoring Full Automatic [activitytime] < 1.0.6 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Sessions Time Monitoring Full Automatic plugin (versions <= 1.0.5).
Affected versions: max 1.0.6.
Status: vulnerable

CVE, Research URL: CVE-2023-5203
Home page URL: Security reports for WP Sessions Time Monitoring Full Automatic
Application: WP Sessions Time Monitoring Full Automatic
Date: Dec 27, 2023
Research Description: The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.
Affected versions: max 1.0.9.
Status: vulnerable

Oct 25, 2024

CVE, Research URL: CVE-2024-49681
Home page URL: Security reports for WP Sessions Time Monitoring Full Automatic
Application: WP Sessions Time Monitoring Full Automatic
Date: Oct 24, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9.
Affected versions: max 1.1.0.
Status: vulnerable

Feb 02, 2025

CVE, Research URL: CVE-2025-24718
Home page URL: Security reports for WP Sessions Time Monitoring Full Automatic
Application: WP Sessions Time Monitoring Full Automatic
Date: Jan 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1.1.
Affected versions: max 1.1.2.
Status: vulnerable

Mar 30, 2026

CVE, Research URL: CVE-2026-32362
Home page URL: Security reports for WP Sessions Time Monitoring Full Automatic
Application: WP Sessions Time Monitoring Full Automatic
Date: Mar 14, 2026
Research Description: Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
Affected versions: max 1.1.3.
Status: vulnerable