WordPress Plugin Vulnerabilities

Activity Log <= 2.3.1 - Stored Cross-Site Scripting (XSS)

Description

The Activity Log WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
aryo-activity-log
Fixed in 2.3.2

References

CVE
CVE-2016-10890
Exploitdb
40083
URL
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wordpress_activity_log_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Jul/25

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
9d9437bf-3bfa-435f-b2c5-b0f209aa567a

Timeline

Publicly Published
2016-07-11 (about 9 years ago)
Added
2016-07-11 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-23
Title
GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
Published
2024-12-03
Title
Intro Tour Tutorial DeepPresentation < 6.5.3 - Reflected Cross-Site Scripting
Published
2025-05-02
Title
Crossword Compiler Puzzles <= 14.5 - Subscriber+ Stored XSS
Published
2026-02-13
Title
Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute
Published
2024-03-28
Title
wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting