cleantalk
Vulnerabilities and Security Researches

WP Activity Log, CVE-2026-45435

CVE, Research URL

CVE-2026-45435

Home page URL

Security reports for WP Activity Log

Application

WP Activity Log

Published on
May 25, 2026
Research Description
WP Activity Log [wp-security-audit-log] < 5.6.3.1 CVE-2026-45435 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3.
Affected versions
max 5.6.3.1.
Status
vulnerable
Previous vulnerability researches
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
SKT Skill Bar (CVE-2024-38698) , Jul 15, 2024
SKT Skill Bar (CVE-2025-47482) , May 09, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
New vulnerability
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026
Instant Images &#8211; One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels , May 26, 2026
Enable Media Replace , May 26, 2026