Medium 5.3 Unfixed Closed
2026-01-28≤ 2.2
CVE-2025-13471
User Activity Log
High 7.5 Unfixed Closed
2026-01-07≤ 2.2
CVE-2025-11877
High 7.6 Closed
2024-04-10< 2.0
CVE-2024-31356
Medium 4.3 Closed
2023-09-04< 1.6.6
CVE-2023-4269
High 7.5 Closed
2023-09-04< 1.6.7
CVE-2023-4279
N/A Closed
2023-08-09< 1.6.6
WordPress User Activity Log Plugin <= 1.6.5 is vulnerable to Broken Access Control
N/A Closed
2023-08-08< 1.6.6
User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure
Critical 9.8 Closed
2023-08-14< 1.6.5
CVE-2023-3435
High 7.2 Closed
2023-07-24< 1.6.3
CVE-2023-2761
N/A Closed
2023-07-14< 1.6.3
User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username
High 7.6 Closed
2023-10-31< 1.6.3
CVE-2023-37966
N/A Closed
2023-05-25< 1.6.2
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch
N/A Closed
< 1.4.7
User Activity Log < 1.4.7 - Reflected Cross-Site Scripting
N/A Closed
< 1.4.7
User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String
N/A Closed
2021-08-30< 1.4.7
User Activity Log <= 1.4.6 - Reflected Cross Site Scripting
N/A Closed
2021-08-30< 1.4.7
User Activity Log <= 1.4.6 - Reflected Cross-Site Scripting
N/A Closed
2017-07-29< 1.2.6
WordPress User Activity Log Plugin <= 1.2.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities