Cross-Site Request Forgery Vulnerability in Activity Log WinterLock by WordPress
CVE-2025-24982

Currently unrated

Key Information:

Vendor: WordPress
Status: Activity Log Winterlock
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-24982?

A cross-site request forgery vulnerability exists in Activity Log WinterLock prior to version 1.2.5. If a user is logged into their account and visits a malicious website, an attacker could exploit this vulnerability to delete log data without the user's knowledge, potentially compromising critical log information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Activity Log WinterLock prior to 1.2.5

References

https://wordpress.org/plugins/winterlock/

https://jvn.jp/en/jp/JVN94806805/

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 30, 2025

JSON

WordPress

What is CVE-2025-24982?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.