Vulnerabilities and security researches forwinterlock winterlock

Jun 07, 2024

CVE, Research URL: CVE-2021-24756
Home page URL: Security reports for Activity Log WinterLock
Application: Activity Log WinterLock
Date: Dec 13, 2021
Research Description: The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.
Affected versions: max 1.0.23.
Status: vulnerable

Feb 06, 2025

CVE, Research URL: CVE-2025-24982
Home page URL: Security reports for Activity Log WinterLock
Application: Activity Log WinterLock
Date: Feb 04, 2025
Research Description: Activity Log WinterLock [winterlock] < 1.2.5 CVE-2025-24982 [en] Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.
Affected versions: max 1.2.5.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-24987
Home page URL: Security reports for Activity Log WinterLock
Application: Activity Log WinterLock
Date: Mar 25, 2026
Research Description: Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.
Affected versions: max 1.2.7.
Status: vulnerable