cleantalk
Vulnerabilities and Security Researches

WP Activity Log, CVE-2026-45435

CVE, Research URL

CVE-2026-45435

Home page URL

Security reports for WP Activity Log

Application

WP Activity Log

Published on
May 25, 2026
Research Description
WP Activity Log [wp-security-audit-log] < 5.6.3.1 CVE-2026-45435 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3.
Affected versions
max 5.6.3.1.
Status
vulnerable
Previous vulnerability researches
Tutor LMS BunnyNet Integration (CVE-2026-24584) , Jan 28, 2026
Tutor LMS &#8211; Migration Tool (CVE-2024-1804) , Jul 28, 2024
Tutor LMS &#8211; Migration Tool (CVE-2024-1798) , Jul 28, 2024
Tutor LMS Elementor Addons (CVE-2024-5576) , Aug 21, 2024
Tutor LMS Elementor Addons (CVE-2024-53816) , Dec 11, 2024
New vulnerability
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026
Instant Images &#8211; One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels , May 26, 2026
Enable Media Replace , May 26, 2026