cleantalk
Vulnerabilities and Security Researches

User Activity Log, d3f2489e82d0ec4cee04bbfb445022606b02a5a5

CVE, Research URL

d3f2489e82d0ec4cee04bbfb445022606b02a5a5

Home page URL

Security reports for User Activity Log

Application

User Activity Log

Published on
Jul 29, 2017
Research Description
User Activity Log [user-activity-log] < 1.6.2 WordPress User Activity Log Plugin <= 1.2.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities There's no escaping done for $from_email and $to_email variables. Also, there's missing a nonce check. Update the plugin.
Affected versions
max 1.6.2.
Status
vulnerable
Previous vulnerability researches
User Activity Log (CVE-2023-3435) , Jun 07, 2024
User Activity Log (d3f2489e82d0ec4cee04bbfb445022606b02a5a5) , Jun 07, 2024
User Activity Log (CVE-2023-2761) , Jun 07, 2024
User Activity Log (CVE-2023-4279) , Jun 07, 2024
User Activity Log (CVE-2023-4269) , Jun 07, 2024
New vulnerability
Serious Slider (CVE-2026-25399) , Feb 28, 2026
Omnipress (CVE-2026-25432) , Feb 28, 2026
MDirector Newsletter (CVE-2025-14852) , Feb 28, 2026
Alma &#8211; Pay in installments or later for WooCommerce (CVE-2026-24999) , Feb 28, 2026
Visual Website Collaboration, Feedback &amp; Project Management &#8211; Atarim (CVE-2026-25019) , Feb 27, 2026