Cross-Site Request Forgery Vulnerability in Activity Log WinterLock by WordPress
CVE-2025-24982

Currently unrated

Key Information:

Vendor: WordPress
Status: Activity Log Winterlock
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-24982?

A cross-site request forgery vulnerability exists in Activity Log WinterLock prior to version 1.2.5. If a user is logged into their account and visits a malicious website, an attacker could exploit this vulnerability to delete log data without the user's knowledge, potentially compromising critical log information.

Affected Version(s)

Activity Log WinterLock prior to 1.2.5

References

https://wordpress.org/plugins/winterlock/

https://jvn.jp/en/jp/JVN94806805/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 30, 2025