PT-2025-8980 · Unknown · Wp Activity Log
Andres Roldan
·
Published
2025-02-27
·
Updated
2025-04-03
·
CVE-2025-0767
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP Activity Log version 5.3.2
Description
The issue arises from unvalidated user input being used directly in an
unserialize function. This is located in the myapp/classes/Writers/class-csv-writer.php file.Recommendations
For WP Activity Log version 5.3.2, consider validating user input before using it in the
unserialize function to prevent potential exploitation. As a temporary workaround, restrict access to the class-csv-writer.php file until a patch is available.Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Activity Log