Cross Site Scripting Vulnerability in WP Activity Log Plugin by WordPress
CVE-2026-56005

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 June 2026

What is CVE-2026-56005?

The WP Activity Log plugin for WordPress versions up to 5.6.3.1 includes a vulnerability that allows for cross-site scripting (XSS) attacks. This vulnerability can be exploited by an attacker to inject malicious scripts, which may compromise the security of users interacting with the affected plugin. It is important for users to update to a patched version to mitigate risks associated with XSS threats.

Affected Version(s)

WP Activity Log <= 5.6.3.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.