PT-2026-43148 · Melapress · Wp Activity Log
Daroo
·
Published
2026-05-25
·
Updated
2026-05-26
·
CVE-2026-45435
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
WP Activity Log versions prior to 5.6.4
Description
Improper neutralization of input during web page generation in Melapress WP Activity Log allows for DOM-Based Cross-site Scripting (XSS), a flaw where the application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, typically writing the data back to the Document Object Model (DOM).
Recommendations
Update to a version newer than 5.6.3.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Activity Log