Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total7
Critical1
High3
Medium3
Reset
Showing 1-7 of 7 records
Threat Entry Updated 2026-01-29

CVE-2025-13471 - User Activity Log Plugin

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)

PLUGIN User Activity Log

CVE-2025-13471

MEDIUM CVSS 5.3 2026-01-28
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-5133 - User Activity Log Plugin

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

PLUGIN User Activity Log

CVE-2023-5133

HIGH CVSS 7.5 2023-10-16
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-5167 - User Activity Log Plugin

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.

PLUGIN User Activity Log

CVE-2023-5167

MEDIUM CVSS 5.4 2023-10-16
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-4279 - User Activity Log Plugin

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

PLUGIN User Activity Log

CVE-2023-4279

HIGH CVSS 7.5 2023-09-04
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-4269 - User Activity Log Plugin

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

PLUGIN User Activity Log

CVE-2023-4269

MEDIUM CVSS 4.3 2023-09-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-3435 - User Activity Log Plugin

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.

PLUGIN User Activity Log

CVE-2023-3435

CRITICAL CVSS 9.8 2023-08-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2761 - User Activity Log Plugin

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.

PLUGIN User Activity Log

CVE-2023-2761

HIGH CVSS 7.2 2023-07-24
Open Full Technical Breakdown
Scroll to top