cleantalk
Vulnerabilities and Security Researches

WP Activity Log, CVE-2026-25331

CVE, Research URL

CVE-2026-25331

Home page URL

Security reports for WP Activity Log

Application

WP Activity Log

Published on
Feb 19, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 5.5.4.
Affected versions
max 5.5.4.
Status
vulnerable
Previous vulnerability researches
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-13692) , Dec 11, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-14274) , Feb 27, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-8603) , Aug 28, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2023-31080) , Jun 10, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025
New vulnerability
Complianz &#8211; GDPR/CCPA Cookie Consent (CVE-2025-11185) , Feb 27, 2026
HurryTimer &#8211; An Scarcity and Urgency Countdown Timer for WordPress &amp; WooCommerce (CVE-2026-24392) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
WP Activity Log (CVE-2026-25331) , Feb 27, 2026
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026