WP Activity Log 5.3.2 - Insecure deserialization
CVE-2025-0767

6.3MEDIUM

Key Information:

Vendor: Melapress
Status: WP Activity Log
Vendor: CVE Published:; 27 February 2025

Summary

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.

Affected Version(s)

WP Activity Log 5.3.2

References

https://fluidattacks.com/advisories/skims-9/

third-party-advisory

https://co.wordpress.org/plugins/wp-security-audit-log/

product

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Jan 28, 2025