cleantalk
Vulnerabilities and Security Researches

User Activity Log, CVE-2025-11877

CVE, Research URL

CVE-2025-11877

Home page URL

Security reports for User Activity Log

Application

User Activity Log

Published on
Jan 07, 2026
Research Description
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for unauthenticated attackers to push select site options from 0 to a non-zero value, allowing them to reopen registration or corrupt options like 'wp_user_roles', breaking wp-admin access.
Affected versions
max 2.2.
Status
vulnerable
Previous vulnerability researches
User Activity Log (CVE-2023-3435) , Jun 07, 2024
User Activity Log (d3f2489e82d0ec4cee04bbfb445022606b02a5a5) , Jun 07, 2024
User Activity Log (CVE-2023-2761) , Jun 07, 2024
User Activity Log (CVE-2023-4279) , Jun 07, 2024
User Activity Log (CVE-2023-4269) , Jun 07, 2024
New vulnerability
Serious Slider (CVE-2026-25399) , Feb 28, 2026
Omnipress (CVE-2026-25432) , Feb 28, 2026
MDirector Newsletter (CVE-2025-14852) , Feb 28, 2026
Alma – Pay in installments or later for WooCommerce (CVE-2026-24999) , Feb 28, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026