PT-2026-43148 · Melapress · Wp Activity Log

Daroo

·

Published

2026-05-25

·

Updated

2026-05-26

·

CVE-2026-45435

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions WP Activity Log versions prior to 5.6.4
Description Improper neutralization of input during web page generation in Melapress WP Activity Log allows for DOM-Based Cross-site Scripting (XSS), a flaw where the application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, typically writing the data back to the Document Object Model (DOM).
Recommendations Update to a version newer than 5.6.3.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45435

Affected Products

Wp Activity Log