cleantalk
Vulnerabilities and Security Researches

Activity Log WinterLock, CVE-2025-24982

CVE, Research URL

CVE-2025-24982

Home page URL

Security reports for Activity Log WinterLock

Application

Activity Log WinterLock

Published on
Feb 04, 2025
Research Description
Activity Log WinterLock [winterlock] < 1.2.5 CVE-2025-24982 [en] Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.
Affected versions
max 1.2.5.
Status
vulnerable
Previous vulnerability researches
Activity Log WinterLock (CVE-2026-24987) , Mar 29, 2026
Activity Log WinterLock (CVE-2021-24756) , Jun 07, 2024
Activity Log WinterLock (CVE-2025-24982) , Feb 06, 2025
New vulnerability
Subscriptions for WooCommerce &#8211; Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box &#8211; WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026