CVE-2018-8729

Name of the Vulnerable Software and Affected Versions Activity Log plugin versions prior to 2.4.1 for WordPress

Description The issue allows remote attackers to inject arbitrary JavaScript or HTML via a title that is not properly escaped, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute malicious scripts on the client-side.

Recommendations For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting user input for titles to minimize the risk of exploitation.