WP-Safety

coreActivity: Activity Logging for WordPress Security & Risk Analysis

wordpress.org/plugins/coreactivity

Monitor and log all kinds of activity happening on the WordPress website, with fine control over events to log, detailed log and events panels...

10 active installs v3.0 PHP 8.0+ WP 6.1+ Updated Feb 11, 2026
activityactivity-logaudit-logdev4pressevent-log
92
A · Safe
CVEs total4
Unpatched0
Last CVEMay 12, 2026
Plugin page Download
Safety Verdict

Is coreActivity: Activity Logging for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

coreActivity: Activity Logging for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: May 12, 2026Updated 3mo ago
Risk Assessment

The static analysis of the 'coreactivity' plugin v3.0 indicates a generally strong security posture with several positive aspects. The plugin utilizes prepared statements for all SQL queries, which is excellent protection against SQL injection. Output escaping is also well-implemented, with 90% of outputs properly escaped, minimizing the risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of critical or high severity taint flows further reinforces this positive outlook, suggesting that user input is being handled safely within the analyzed code paths.

However, the plugin's vulnerability history presents a significant concern. Despite the current version having no unpatched CVEs, the fact that it has a history of three known vulnerabilities, including one high-severity SQL injection, one medium-severity SQL injection, and another medium-severity XSS, suggests recurring security weaknesses. The recurrence of these vulnerability types, even if currently patched, points to potential systemic issues in how certain input types are handled or validated, which might not have been fully addressed in the past or could reappear in future versions if coding practices don't evolve. The presence of capability checks and nonce checks on its AJAX handlers is a good mitigation, but the historical pattern warrants caution.

In conclusion, while version 3.0 of 'coreactivity' demonstrates good secure coding practices in its current static analysis, its past vulnerability record should not be overlooked. The plugin benefits from robust SQL and output handling. The key weakness lies in the historical pattern of vulnerabilities, particularly SQL injection and XSS, suggesting that ongoing vigilance and thorough code reviews are essential. Users should remain aware of the plugin's update history and consider the potential for future vulnerabilities based on past trends.

Key Concerns

  • High severity vulnerability history
  • Medium severity vulnerability history (x2)
  • One capability check for multiple entry points
Vulnerabilities
4 published

coreActivity: Activity Logging for WordPress Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
2
Medium
2

4 total CVEs

CVE-2026-7635high · 8.1Deserialization of Untrusted Data

coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field

May 12, 2026 Patched in 3.1 (1d)
CVE-2025-3436medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection

Apr 7, 2025 Patched in 2.7.1 (1d)
CVE-2024-0868medium · 5.3Use of Less Trusted Source

coreActivity <= 2.0.1 - IP Spoofing

Mar 27, 2024 Patched in 2.1 (30d)
CVE-2024-0852high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting

Jan 26, 2024 Patched in 1.8.1 (4d)
Version History

coreActivity: Activity Logging for WordPress Release Timeline

v3.0Current1 CVE
CVE-2026-7635
v2.81 CVE
CVE-2026-7635
v2.7.11 CVE
CVE-2026-7635
v2.72 CVEs
CVE-2025-3436 CVE-2026-7635
v2.62 CVEs
CVE-2025-3436 CVE-2026-7635
v2.52 CVEs
CVE-2025-3436 CVE-2026-7635
v2.4.12 CVEs
CVE-2025-3436 CVE-2026-7635
v2.42 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.62 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.52 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.42 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.32 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.22 CVEs
CVE-2025-3436 CVE-2026-7635
v2.3.12 CVEs
CVE-2025-3436 CVE-2026-7635
v2.32 CVEs
CVE-2025-3436 CVE-2026-7635
v2.22 CVEs
CVE-2025-3436 CVE-2026-7635
v2.12 CVEs
CVE-2025-3436 CVE-2026-7635
v2.0.13 CVEs
CVE-2024-0868 CVE-2025-3436 CVE-2026-7635
v2.03 CVEs
CVE-2024-0868 CVE-2025-3436 CVE-2026-7635
v1.8.23 CVEs
CVE-2024-0868 CVE-2025-3436 CVE-2026-7635
Code Analysis
Analyzed Mar 17, 2026

coreActivity: Activity Logging for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
40 prepared
Unescaped Output
28
240 escaped
Nonce Checks
8
Capability Checks
1
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared40 total queries

Output Escaping

90% escaped268 total outputs
Attack Surface

coreActivity: Activity Logging for WordPress Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_coreactivity_toggle_eventcore\admin\AJAX.php:18
authwp_ajax_coreactivity_toggle_notificationcore\admin\AJAX.php:19
authwp_ajax_coreactivity_live_logscore\admin\AJAX.php:20
authwp_ajax_coreactivity_whois_ipcore\admin\AJAX.php:21
WordPress Hooks 207
actioncurrent_screencore\admin\meta\Users.php:18
filtermanage_users_columnscore\admin\meta\Users.php:38
filtermanage_users_sortable_columnscore\admin\meta\Users.php:39
filteruser_row_actionscore\admin\meta\Users.php:40
filterwpmu_users_columnscore\admin\meta\Users.php:42
filtermanage_users-network_sortable_columnscore\admin\meta\Users.php:43
filterms_user_row_actionscore\admin\meta\Users.php:44
filtermanage_users_custom_columncore\admin\meta\Users.php:48
filterusers_list_table_query_argscore\admin\meta\Users.php:49
filterdefault_hidden_columnscore\admin\Plugin.php:77
actionadmin_noticescore\admin\Plugin.php:177
actioncoreactivity_component_registrationcore\base\Component.php:55
actioncoreactivity_events_registrationcore\base\Component.php:56
actioncoreactivity_registered_object_typescore\base\Component.php:59
actioncoreactivity_logs_meta_column_keyscore\base\Component.php:60
actioncoreactivity_tracking_readycore\base\Component.php:61
actioncoreactivity_tracking_readycore\base\Component.php:62
actiontransition_post_statuscore\base\Content.php:26
actiondelete_postcore\base\Content.php:30
actionset_object_termscore\base\Content.php:34
actioncoreactivity_metas_added_postcore\base\Content.php:38
actioncoreactivity_metas_updated_postcore\base\Content.php:42
actioncoreactivity_metas_deleted_postcore\base\Content.php:46
actionwp_before_admin_bar_rendercore\basic\AdminBar.php:11
actionadmin_headcore\basic\AdminBar.php:13
actionwp_headcore\basic\AdminBar.php:14
actioncoreactivity_instant_notificationcore\basic\Jobs.php:17
actioncoreactivity_daily_maintenancecore\basic\Jobs.php:20
actioncoreactivity_daily_digestcore\basic\Jobs.php:21
actioncoreactivity_daily_statisticscore\basic\Jobs.php:22
actioncoreactivity_weekly_digestcore\basic\Jobs.php:23
actioncoreactivity_weekly_maintenancecore\basic\Jobs.php:24
actioncoreactivity_task_log_purgecore\basic\Jobs.php:25
actioncoreactivity_task_geo_dbcore\basic\Jobs.php:26
actioncoreactivity_task_users_metacore\basic\Jobs.php:27
actioninitcore\basic\Plugin.php:60
actiondebugpress-tracker-plugins-callcore\basic\Plugin.php:61
actioncoreactivity_load_settingscore\basic\Settings.php:128
actioncoreactivity_settings_value_changedcore\basic\Settings.php:129
actionadd_attachmentcore\components\Attachment.php:19
actionedit_attachmentcore\components\Attachment.php:23
actiondelete_attachmentcore\components\Attachment.php:27
actiontransition_comment_statuscore\components\Comment.php:23
actiondelete_commentcore\components\Comment.php:27
actioncoreactivity_metas_added_commentcore\components\Comment.php:31
actioncoreactivity_metas_updated_commentcore\components\Comment.php:35
actioncoreactivity_metas_deleted_commentcore\components\Comment.php:39
actiontemplate_redirectcore\components\Error.php:24
actioncoreactivity_cleanup_completedcore\components\Internal.php:19
actioncoreactivity_cleanup_auto_completedcore\components\Internal.php:23
actioncoreactivity_notifications_daily_digestcore\components\Internal.php:27
actioncoreactivity_notifications_weekly_digestcore\components\Internal.php:31
actionwp_initialize_sitecore\components\Network.php:32
actionwp_uninitialize_sitecore\components\Network.php:36
actionwp_update_sitecore\components\Network.php:40
actionmake_delete_blogcore\components\Network.php:44
actionmake_undelete_blogcore\components\Network.php:48
actionarchive_blogcore\components\Network.php:52
actionunarchive_blogcore\components\Network.php:56
actionmake_spam_blogcore\components\Network.php:60
actionmake_ham_blogcore\components\Network.php:64
actionmature_blogcore\components\Network.php:68
actionunmature_blogcore\components\Network.php:72
actionupdate_blog_publiccore\components\Network.php:76
actionafter_signup_sitecore\components\Network.php:80
filterwpmu_validate_blog_signupcore\components\Network.php:84
actiondev4press_mailer_notification_detectedcore\components\Notification.php:63
actionwp_mail_succeededcore\components\Notification.php:66
actionwp_mail_failedcore\components\Notification.php:70
actionupdated_optioncore\components\Option.php:178
actiondeleted_optioncore\components\Option.php:182
actionadded_optioncore\components\Option.php:186
actionsetted_transientcore\components\Option.php:190
actiondeleted_transientcore\components\Option.php:194
actiondelete_plugincore\components\Plugin.php:27
actiondeleted_plugincore\components\Plugin.php:28
actionactivated_plugincore\components\Plugin.php:32
actiondeactivated_plugincore\components\Plugin.php:36
actioncoreactivity_upgrader_plugin_installcore\components\Plugin.php:40
actioncoreactivity_upgrader_plugin_updatecore\components\Plugin.php:44
actioncoreactivity_upgrader_plugin_install_errorcore\components\Plugin.php:48
actioncoreactivity_upgrader_plugin_update_errorcore\components\Plugin.php:52
actionsave_post_user_requestcore\components\Privacy.php:21
actionuser_request_action_confirmedcore\components\Privacy.php:22
actionload-export-personal-data.phpcore\components\Privacy.php:24
actionload-erase-personal-data.phpcore\components\Privacy.php:25
actionwp_privacy_personal_data_erasedcore\components\Privacy.php:28
actionwp_privacy_personal_data_export_file_createdcore\components\Privacy.php:32
actionbefore_delete_postcore\components\Privacy.php:168
actionadmin_action_completecore\components\Privacy.php:169
actionbefore_delete_postcore\components\Privacy.php:173
filterrest_pre_serve_requestcore\components\RESTAPI.php:44
actionupdate_site_optioncore\components\Sitemeta.php:79
actiondelete_site_optioncore\components\Sitemeta.php:83
actionadd_site_optioncore\components\Sitemeta.php:87
actionsetted_site_transientcore\components\Sitemeta.php:91
actiondeleted_site_transientcore\components\Sitemeta.php:95
actioncreated_termcore\components\Term.php:23
actiondelete_termcore\components\Term.php:27
actionedit_termscore\components\Term.php:31
actionedited_termcore\components\Term.php:32
actioncoreactivity_metas_added_termcore\components\Term.php:36
actioncoreactivity_metas_updated_termcore\components\Term.php:40
actioncoreactivity_metas_deleted_termcore\components\Term.php:44
actionswitch_themecore\components\Theme.php:27
actiondelete_themecore\components\Theme.php:31
actiondeleted_themecore\components\Theme.php:32
actioncoreactivity_upgrader_theme_installcore\components\Theme.php:36
actioncoreactivity_upgrader_theme_updatecore\components\Theme.php:40
actioncoreactivity_upgrader_theme_install_errorcore\components\Theme.php:44
actioncoreactivity_upgrader_theme_update_errorcore\components\Theme.php:48
filterauthenticatecore\components\User.php:38
actionwp_logincore\components\User.php:41
actionwp_logoutcore\components\User.php:45
actionauth_cookie_malformedcore\components\User.php:49
actionauth_cookie_bad_hashcore\components\User.php:50
actionauth_cookie_bad_usernamecore\components\User.php:51
actionwp_login_failedcore\components\User.php:55
actionlogin_form_lostpasswordcore\components\User.php:59
actionlogin_form_resetpasscore\components\User.php:63
actiondeleted_usercore\components\User.php:67
actionset_user_rolecore\components\User.php:71
filterwp_pre_insert_user_datacore\components\User.php:75
filterinsert_user_metacore\components\User.php:79
actionafter_signup_usercore\components\User.php:83
filterwpmu_validate_user_signupcore\components\User.php:87
actionwpmu_activate_usercore\components\User.php:91
actionuser_registercore\components\User.php:95
actioncoreactivity_metas_added_usercore\components\User.php:99
actioncoreactivity_metas_updated_usercore\components\User.php:103
actioncoreactivity_metas_deleted_usercore\components\User.php:107
actionlostpassword_postcore\components\User.php:243
actionafter_password_resetcore\components\User.php:247
filterschedule_eventcore\components\WordPress.php:30
filterexport_wpcore\components\WordPress.php:34
filterdev4press_install_db_deltacore\components\WordPress.php:38
filterdbdelta_queriescore\components\WordPress.php:39
filterupdate_feedbackcore\components\WordPress.php:43
action_core_updated_successfullycore\components\WordPress.php:44
actionset_site_transient_update_corecore\components\WordPress.php:48
actionset_site_transient_update_pluginscore\components\WordPress.php:52
actionset_site_transient_update_themescore\components\WordPress.php:56
actioncoreactivity_plugin_core_readycore\log\Activity.php:68
actioncoreactivity_preparecore\log\Activity.php:69
actioncoreactivity_initcore\log\Activity.php:70
actioncoreactivity_plugin_core_readycore\log\Core.php:98
filtercoreactivity_logs_field_render_object_namecore\log\Display.php:20
actioncoreactivity_event_loggedcore\log\Notifications.php:17
filterupgrader_pre_installcore\log\Upgrader.php:14
actionupgrader_process_completecore\log\Upgrader.php:15
actioninitcore\log\Users.php:11
actionwp_logincore\log\Users.php:12
actionwp_logoutcore\log\Users.php:13
filtercoreactivity_post_do_not_log_post_typescore\plugins\bbPress.php:22
actionupdate_option_bp-active-componentscore\plugins\BuddyPress.php:39
actiongroups_create_groupcore\plugins\BuddyPress.php:43
filterbp_after_groups_create_group_parse_argscore\plugins\BuddyPress.php:47
actiongroups_update_groupcore\plugins\BuddyPress.php:48
actiongroups_details_updatedcore\plugins\BuddyPress.php:49
filtergroups_get_groupcore\plugins\BuddyPress.php:52
actionbp_group_admin_edit_aftercore\plugins\BuddyPress.php:53
filtercoreactivity_post_do_not_log_post_typescore\plugins\ContactForm7.php:25
filterwpcf7_spamcore\plugins\ContactForm7.php:40
actionwpcf7_mail_sentcore\plugins\ContactForm7.php:43
actionwpcf7_mail_failedcore\plugins\ContactForm7.php:47
actiondelete_postcore\plugins\ContactForm7.php:51
filtercoreactivity_debugpress_ajax_call_log_activecore\plugins\DebugPress.php:21
actiondebugpress-tracker-error-loggedcore\plugins\DebugPress.php:32
actiondebugpress-tracker-doing-it-wrong-loggedcore\plugins\DebugPress.php:36
actiondebugpress-tracker-deprecated-function-loggedcore\plugins\DebugPress.php:40
actiondebugpress-tracker-deprecated-file-loggedcore\plugins\DebugPress.php:44
actiondebugpress-tracker-deprecated-argument-loggedcore\plugins\DebugPress.php:48
actiondebugpress-tracker-deprecated-constructor-loggedcore\plugins\DebugPress.php:52
actiondebugpress-tracker-deprecated-hook-run-loggedcore\plugins\DebugPress.php:56
actiondebugpress-tracker-admin-ajax-loggedcore\plugins\DebugPress.php:60
actiondebugpress-tracker-http-request-call-loggedcore\plugins\DebugPress.php:64
actiondp_duplicate_postcore\plugins\DuplicatePost.php:22
actiondp_duplicate_pagecore\plugins\DuplicatePost.php:23
filtercoreactivity_post_do_not_log_post_typescore\plugins\Forminator.php:24
actiondelete_postcore\plugins\Forminator.php:40
actiongdfar_ajax_edit_forum_process_endcore\plugins\GDForumManager.php:21
actiongdfar_ajax_bulk_forum_process_endcore\plugins\GDForumManager.php:25
actiongdfar_ajax_edit_topic_process_endcore\plugins\GDForumManager.php:29
actiongdfar_ajax_bulk_topic_process_endcore\plugins\GDForumManager.php:33
actiongform_after_save_formcore\plugins\GravityForms.php:27
actiongform_before_delete_formcore\plugins\GravityForms.php:31
actiongform_post_form_trashedcore\plugins\GravityForms.php:35
actiongform_post_form_restoredcore\plugins\GravityForms.php:39
actiongform_post_form_activatedcore\plugins\GravityForms.php:43
actiongform_post_form_deactivatedcore\plugins\GravityForms.php:47
actionjetpack_activate_modulecore\plugins\Jetpack.php:28
actionjetpack_deactivate_modulecore\plugins\Jetpack.php:32
actionsweeppress_sweep_completedcore\plugins\SweepPress.php:19
actionsweeppress_options_deletedcore\plugins\SweepPress.php:23
actionsweeppress_sitemetas_deletedcore\plugins\SweepPress.php:27
actionsweeppress_postmeta_deletedcore\plugins\SweepPress.php:31
actionsweeppress_termmeta_deletedcore\plugins\SweepPress.php:35
actionsweeppress_commentmeta_deletedcore\plugins\SweepPress.php:39
actionsweeppress_usermeta_deletedcore\plugins\SweepPress.php:43
actionsweeppress_blogmeta_deletedcore\plugins\SweepPress.php:47
actionsweeppress_logmeta_deletedcore\plugins\SweepPress.php:51
actionsweeppress_cron_run_jobcore\plugins\SweepPress.php:55
actionsweeppress_cron_deleted_jobcore\plugins\SweepPress.php:59
actionswitch_to_usercore\plugins\UserSwitching.php:19
actionswitch_back_usercore\plugins\UserSwitching.php:23
actionswitch_off_usercore\plugins\UserSwitching.php:27
filtercoreactivity_post_do_not_log_post_typescore\plugins\WooCommerce.php:23

Scheduled Events 9

coreactivity_task_log_purge
coreactivity_daily_statistics
coreactivity_daily_maintenance
coreactivity_weekly_maintenance
coreactivity_task_users_meta
coreactivity_task_geo_db
coreactivity_daily_digest
coreactivity_weekly_digest
coreactivity_instant_notification
Maintenance & Trust

coreActivity: Activity Logging for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version8.0
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

coreActivity: Activity Logging for WordPress Alternatives

Logify WP – Activity Log & User Audit Log

Logify WP – Activity Log & User Audit Log

logify-wp

A
100

Logify WP - Activity Log & User Audit Log tracks critical changes, logins, and updates with searchable logs for site security.

200 No CVEs
Aspexi Login Audit

Aspexi Login Audit

aspexi-login-audit

A
85

This plugin helps you to keep an audit trail of user login activities such as successful login, logout, failed login and more to ensure your site perf &hellip;

10 No CVEs
Logify – Event Logger, Activity Monitor, Activity Log & Audit Log

Logify – Event Logger, Activity Monitor, Activity Log & Audit Log

logify

A
100

Monitor, track, and review everything happening on your WordPress site. Logify helps you stay secure, stay compliant, and stay in control.

10 No CVEs
Simple History – Track, Log, and Audit WordPress Changes

Simple History – Track, Log, and Audit WordPress Changes

simple-history

A
95

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

300K 5 CVEs
WP Activity Log

WP Activity Log

wp-security-audit-log

B
82

The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.

300K 11 CVEs
Developer Profile

coreActivity: Activity Logging for WordPress Developer Profile

Milan Petrovic

17 plugins · 12K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
1106 days
View full developer profile
Detection Fingerprints

How We Detect coreActivity: Activity Logging for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/coreactivity/vendor/dev4press/library/css/admin.css/wp-content/plugins/coreactivity/vendor/dev4press/library/js/admin.js/wp-content/plugins/coreactivity/core/admin/js/logs.js/wp-content/plugins/coreactivity/core/admin/js/dashboard.js/wp-content/plugins/coreactivity/core/admin/js/settings.js/wp-content/plugins/coreactivity/core/admin/js/tools.js/wp-content/plugins/coreactivity/core/admin/js/users.js
Generator Patterns
coreActivity
Script Paths
/wp-content/plugins/coreactivity/vendor/dev4press/library/js/admin.js/wp-content/plugins/coreactivity/core/admin/js/logs.js/wp-content/plugins/coreactivity/core/admin/js/dashboard.js/wp-content/plugins/coreactivity/core/admin/js/settings.js/wp-content/plugins/coreactivity/core/admin/js/tools.js/wp-content/plugins/coreactivity/core/admin/js/users.js
Version Parameters
coreactivity/vendor/dev4press/library/css/admin.css?ver=coreactivity/vendor/dev4press/library/js/admin.js?ver=coreactivity/core/admin/js/logs.js?ver=coreactivity/core/admin/js/dashboard.js?ver=coreactivity/core/admin/js/settings.js?ver=coreactivity/core/admin/js/tools.js?ver=coreactivity/core/admin/js/users.js?ver=

HTML / DOM Fingerprints

CSS Classes
coreactivity-adminbar-countcoreactivity-log
HTML Comments
Copyright 2008 - 2026 Milan Petrovic (email: support@dev4press.com)
Data Attributes
data-coreactivity-logcoreactivity-logdata-coreactivity-settingsdata-coreactivity-toolsdata-coreactivity-admindata-coreactivity-users
JS Globals
coreactivity_admin_settingscoreactivity_admin_toolscoreactivity_admin_users
REST Endpoints
/wp-json/coreactivity/v1/logs
FAQ

Frequently Asked Questions about coreActivity: Activity Logging for WordPress