WP-Safety

Activity Logger Security & Risk Analysis

wordpress.org/plugins/activity-logger

Logs all activity within the CMS by logged-in users. Allows for user-defined exclusions, filtering, and log exports.

0 active installs v1.1.1 PHP + WP 5.0+ Updated Oct 6, 2024
activitycmsloggingwordpress
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Activity Logger Safe to Use in 2026?

Generally Safe

Score 92/100

Activity Logger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "activity-logger" plugin v1.1.1 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any detected dangerous functions, file operations, or external HTTP requests is highly positive. Furthermore, the plugin demonstrates good practices with a high percentage of SQL queries using prepared statements and a significant portion of outputs being properly escaped. The low number of taint flows and the complete lack of critical or high severity issues in this analysis indicate a well-secured codebase against common injection and data manipulation vulnerabilities.

The vulnerability history further reinforces this positive assessment, showing no known CVEs associated with this plugin. This suggests a track record of secure development and maintenance. The plugin also incorporates a reasonable number of nonce and capability checks, contributing to its overall resilience against unauthorized actions.

While the attack surface appears minimal with no AJAX handlers, REST API routes, shortcodes, or cron events exposed directly, the plugin's security relies heavily on the effectiveness of the checks it does perform. The overall security is good, with no immediate critical risks identified in the static analysis or history. However, a truly comprehensive assessment would require deeper code review beyond the scope of this data.

Vulnerabilities
None known

Activity Logger Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Activity Logger Release Timeline

v1.1.1Current
Code Analysis
Analyzed Mar 17, 2026

Activity Logger Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
11 prepared
Unescaped Output
7
35 escaped
Nonce Checks
5
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

85% prepared13 total queries

Output Escaping

83% escaped42 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
delete_log_entry (activity-logger.php:397)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Activity Logger Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 16
actionwp_insert_postactivity-logger.php:34
actiondelete_postactivity-logger.php:35
actionadd_attachmentactivity-logger.php:36
actionupdated_optionactivity-logger.php:37
actionactivated_pluginactivity-logger.php:38
actiondeactivated_pluginactivity-logger.php:39
actionwp_trash_postactivity-logger.php:40
actionadmin_menuactivity-logger.php:41
actionprofile_updateactivity-logger.php:44
actionwp_loginactivity-logger.php:45
actionset_current_useractivity-logger.php:47
actionwp_logoutactivity-logger.php:49
actionafter_password_resetactivity-logger.php:50
actionadmin_enqueue_scriptsactivity-logger.php:53
actionadmin_post_activity_logger_export_logsactivity-logger.php:56
actionadmin_post_activity_logger_delete_logactivity-logger.php:58
Maintenance & Trust

Activity Logger Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 6, 2024
PHP min version
Downloads930

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Activity Logger Alternatives

LogAction – Activity Logs for Admin

LogAction – Activity Logs for Admin

logaction

A
92

Track and log WordPress activities to monitor and improve your site's security and administrative tasks.

0 No CVEs
Disable User Gravatar

Disable User Gravatar

disable-user-gravatar

A
85

Stops WordPress from grabbing a user avatar using their registrated email from gravatar.com.

3K No CVEs
BotWriter – AI Writer & Content Generator

BotWriter – AI Writer & Content Generator

botwriter

A
100

AI Writer & content generator for WordPress & WooCommerce. Auto blogging, AI writing plugin, product descriptions and SEO content.

2K No CVEs
Plainview Activity Monitor

Plainview Activity Monitor

plainview-activity-monitor

B
84

Real-time monitoring of users, content, functionality, appearance, security, and updates.

200 1 CVE
UptimeMonster Site Monitor

UptimeMonster Site Monitor

uptimemonster-site-monitor

A
92

Monitor all activities and error logs of your WordPress site with UptimeMonster. Effortlessly simplify website management.

200 No CVEs
Developer Profile

Activity Logger Developer Profile

adgardner1392

2 plugins · 60 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Activity Logger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/activity-logger/js/admin.js/wp-content/plugins/activity-logger/css/admin.css
Script Paths
/wp-content/plugins/activity-logger/js/admin.js
Version Parameters
activity-logger/js/admin.js?ver=activity-logger/css/admin.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Activity Logger