WordPress Plugin Vulnerabilities

WP Security Audit Log 1.5-2.4.3 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The WP Activity Log WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-security-audit-log
Fixed in 2.4.4

References

URL
https://www.pluginvulnerabilities.com/2016/06/27/reflected-cross-site-scripting-xss-vulnerability-in-wp-security-audit-log/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
91e568d3-ba3d-4941-bb58-4f6630d2cded

Timeline

Publicly Published
2016-06-27 (about 9 years ago)
Added
2016-06-29 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-10-31
Title
Gmap Point List <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-08-09
Title
SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting
Published
2026-04-01
Title
Ultimate Addons for WPBakery Page Builder < 3.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-29
Title
Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-03-06
Title
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging < 5.0.12 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage