cleantalk
Vulnerabilities and Security Researches

WP Activity Log, CVE-2020-36716

CVE, Research URL

CVE-2020-36716

Home page URL

Security reports for WP Activity Log

Application

WP Activity Log

Published on
Jun 07, 2023
Research Description
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options.
Affected versions
Min -, max 4.5.2.
Status
vulnerable
Previous vulnerability researches
WP Activity Log (CVE-2025-0767) , Mar 05, 2025
WP Activity Log (CVE-2025-0924) , Feb 17, 2025
WP Activity Log (CVE-2014-5072) , Jun 07, 2024
WP Activity Log (CVE-2018-8719) , Jun 07, 2024
WP Activity Log (CVE-2023-2285) , Jun 07, 2024
New vulnerability
Osom Blocks – Custom Post Type listing block (CVE-2025-5940) , Jun 27, 2025
Post Rating and Review (CVE-2025-6538) , Jun 27, 2025
WP Masonry & Infinite Scroll (CVE-2025-5488) , Jun 27, 2025
Modern Design Library (CVE-2025-5842) , Jun 27, 2025
FastBook – Responsive Appointment Booking and Scheduling System (CVE-2025-25173) , Jun 27, 2025