Sensitive Data Exposure in Logtivity Activity Tracking for WordPress
CVE-2026-42673

7.5HIGH

Key Information:

Vendor: WordPress
Status: Activity Logs, User Activity Tracking, Multisite Activity Log From Logtivity
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-42673?

The Logtivity Activity Logs plugin for WordPress is susceptible to a vulnerability that allows sensitive information to be inadvertently sent in logs. This exposure could potentially lead to the retrieval of embedded sensitive data, raising concerns about privacy and data security. Versions prior to and including 3.3.6 are affected, making it crucial for users to assess their installations and implement necessary updates to safeguard against unauthorized data access.

Affected Version(s)

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6

References

https://patchstack.com/database/wordpress/plugin/logtivit...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Peng Zhou | Patchstack Bug Bounty Program

CVE-2026-42673 Data

JSON