🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

User Activity Log

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > User Activity Log

Information

Software Type	Plugin
Software Slug	user-activity-log (view on wordpress.org)
Software Status	Active
Software Author	solwininfotech
Software Website	wordpress.org
Software Downloads	328,619
Software Active Installs	10,000
Software Record Last Updated	May 14, 2024

9 Vulnerabilities

User Activity Log <= 1.6.6 - IP Address Spoofing

5.3

CVE-2023-4279

Aug 14, 2023

Researchers: Bartłomiej Marek, Tomasz Swiadek

User Activity Log <= 1.4.6 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 30, 2021

Researchers:

User Activity Log <= 1.4.6 - Reflected Cross Site Scripting

6.1

CVE ID Unknown

Aug 30, 2021

Researcher: swapnil subhash bodekar

User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch

6.6

CVE-2023-2761

May 25, 2023

Researchers: Ilyase Dehy, Aymane Mazguiti

User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-37966

Jul 12, 2023

Researcher: LEE SE HYOUNG

User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure

7.5

CVE-2023-4269

Aug 8, 2023

Researcher: Daniel Ruf

User Activity Log <= 1.6.4 - Unauthenticated SQL Injection

7.5

CVE-2023-3435

Jul 24, 2023

Researcher: Marc-Alexandre Montpas

User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username

8.1

CVE ID Unknown

Jul 14, 2023

Researchers:

User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-31356

Apr 7, 2024

Researcher: Muhammad Daffa

Title	Status	CVE ID	CVSS	Researchers	Date
User Activity Log <= 1.6.6 - IP Address Spoofing	Patched	CVE-2023-4279	5.3	Bartłomiej Marek, Tomasz Swiadek	August 14, 2023
User Activity Log <= 1.4.6 - Reflected Cross-Site Scripting	Patched		6.1		August 30, 2021
User Activity Log <= 1.4.6 - Reflected Cross Site Scripting	Patched		6.1	swapnil subhash bodekar	August 30, 2021
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch	Patched	CVE-2023-2761	6.6	Ilyase Dehy, Aymane Mazguiti	May 25, 2023
User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection	Patched	CVE-2023-37966	7.2	LEE SE HYOUNG	July 12, 2023
User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure	Patched	CVE-2023-4269	7.5	Daniel Ruf	August 8, 2023
User Activity Log <= 1.6.4 - Unauthenticated SQL Injection	Patched	CVE-2023-3435	7.5	Marc-Alexandre Montpas	July 24, 2023
User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username	Patched		8.1		July 14, 2023
User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection	Unpatched	CVE-2024-31356	9.1	Muhammad Daffa	April 7, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation