1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0767 – WP Activity Log 5.3.2 - Insecure deserialization
https://notcve.org/view.php?id=CVE-2025-0767
27 Feb 2025 — WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php. The WP Activity Log plugin for WordPress is vulnerable to PHP Object Injection in version 5.3.2 via deserialization of untrusted input from the 'query' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unles... • https://co.wordpress.org/plugins/wp-security-audit-log • CWE-502: Deserialization of Untrusted Data •