WordPress Plugin Vulnerabilities

Activity Log <= 2.3.2 - Cross-Site Scripting (XSS) in 'page'

Description

The Activity Log WordPress plugin was affected by a Cross-Site Scripting (XSS) in 'page' security vulnerability.

Affects Plugins

Plugin icon
aryo-activity-log
Fixed in 2.3.3

References

URL
https://seclists.org/fulldisclosure/2016/Aug/16
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_activity_log_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
58cfe6fc-f1e5-4a87-84b3-7b190a140c4d

Timeline

Publicly Published
2016-08-03 (about 9 years ago)
Added
2016-08-04 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-10-09
Title
Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
Published
2025-01-10
Title
Gutenberg Blocks with AI by Kadence WP – Page Builder Features < 3.4.3 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link
Published
2025-12-01
Title
WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) < 4.0.0 - Unauthenticated Stored Cross-Site Scripting via External Content Import
Published
2021-09-23
Title
YITH Maintenance Mode < 1.4.0 - Multiple Admin+ Stored Cross-Site Scripting
Published
2023-02-02
Title
Jobs for WordPress < 2.6.0 - Author+ Stored XSS