WP-Safety

History Log by click5 Security & Risk Analysis

wordpress.org/plugins/history-log-by-click5

Best WordPress plugin to track user activity and log changes on your website.

400 active installs v1.0.13 PHP 7.0+ WP 5.3+ Updated Sep 29, 2023
activitychangesclick5historylog
38
D · High Risk
CVEs total3
Unpatched2
Last CVEMay 30, 2025
Plugin page Download
Safety Verdict

Is History Log by click5 Safe to Use in 2026?

High Risk

Score 38/100

History Log by click5 carries significant security risk with 3 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

3 known CVEs 2 unpatched Last CVE: May 30, 2025Updated 2yr ago
Risk Assessment

The "history-log-by-click5" plugin v1.0.13 presents a significant security risk primarily due to its substantial unprotected attack surface. With 25 unprotected entry points, including 23 AJAX handlers and 2 REST API routes lacking permission callbacks, this plugin is highly vulnerable to unauthorized access and manipulation. While the code exhibits good practices in other areas like SQL prepared statements (97%) and output escaping (96%), these strengths are overshadowed by the critical flaw of exposing numerous functionalities without proper authentication or authorization checks. The taint analysis also indicates a concerning flow with an unsanitized path, which, combined with the unprotected entry points, heightens the risk of code injection vulnerabilities.

The plugin's vulnerability history, with 3 known CVEs and 2 currently unpatched (1 high, 2 medium), strongly suggests a recurring pattern of security weaknesses, particularly concerning Cross-Site Scripting (XSS) and SQL Injection. The recent vulnerability in May 2025 further emphasizes the ongoing need for diligent security patching. In conclusion, while the plugin demonstrates some positive coding practices, the extensive unprotected attack surface and a history of exploitable vulnerabilities create a precarious security posture. Immediate attention is required to address the authentication and authorization gaps to mitigate the risk of compromise.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Unpatched CVE (High Severity)
  • Unpatched CVE (Medium Severity)
  • Unpatched CVE (Medium Severity)
  • Flow with unsanitized paths
  • No capability checks
Vulnerabilities
3

History Log by click5 Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-47598medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

History Log by click5 <= 1.0.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting

May 30, 2025Unpatched
CVE-2025-31531high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

History Log by click5 <= 1.0.13 - Unauthenticated SQL Injection

Mar 31, 2025Unpatched
CVE-2023-5082medium · 6.6Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection

Oct 15, 2023 Patched in 1.0.13 (100d)
Code Analysis
Analyzed Mar 16, 2026

History Log by click5 Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
28 prepared
Unescaped Output
22
491 escaped
Nonce Checks
5
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

97% prepared29 total queries

Output Escaping

96% escaped513 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
click5_global_user_var (history-log-by-click5.php:115)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
25 unprotected

History Log by click5 Attack Surface

Entry Points25
Unprotected25

AJAX Handlers 23

authwp_ajax_nf_save_formhistory-log-by-click5.php:1985
authwp_ajax_sbi_feed_saver_manager_delete_sourcehistory-log-by-click5.php:2179
authwp_ajax_sbi_feed_saver_manager_delete_sourcehistory-log-by-click5.php:2201
authwp_ajax_sbi_feed_saver_manager_builder_updatehistory-log-by-click5.php:3280
authwp_ajax_sbi_feed_saver_manager_duplicate_feedhistory-log-by-click5.php:3299
authwp_ajax_sbi_feed_saver_manager_delete_feedshistory-log-by-click5.php:3369
authwp_ajax_wpgmza_maps_settings_danger_zone_delete_data history-log-by-click5.php:3403
authwp_ajax_ai1wm_exporthistory-log-by-click5.php:3554
authwp_ajax_ai1wm_importhistory-log-by-click5.php:3582
authwp_ajax_ai1wm_backupshistory-log-by-click5.php:3601
authwp_ajax_ai1wm_add_backup_labelhistory-log-by-click5.php:3610
authwp_ajax_ai1wm_backup_download_filehistory-log-by-click5.php:3619
authwp_ajax_updraft_download_backuphistory-log-by-click5.php:3642
authwp_ajax_updraft_savesettingshistory-log-by-click5.php:3670
authwp_ajax_duplicator_download_installerhistory-log-by-click5.php:3740
authwp_ajax_duplicator_package_deletehistory-log-by-click5.php:3760
authwp_ajax_DUP_CTRL_Tools_runScanValidatorhistory-log-by-click5.php:3776
authwp_ajax_limit-login-unlockhistory-log-by-click5.php:4403
authwp_ajax_download_backup_filehistory-log-by-click5.php:4464
authwp_ajax_wordfence_saveOptionshistory-log-by-click5.php:9170
authwp_ajax_wordfence_scanhistory-log-by-click5.php:9257
authwp_ajax_wordfence_killScanhistory-log-by-click5.php:9266
authwp_ajax_wordfence_restoreDefaultshistory-log-by-click5.php:9275

REST API Routes 2

POST/wp-json/click5_history_log/API/support_pluginapi.php:3
POST/wp-json/click5_history_log/API/support_moduleapi.php:10
WordPress Hooks 113
actionrest_api_initapi.php:2
filterwp_redirecthistory-log-by-click5.php:72
actioninithistory-log-by-click5.php:114
actionwp_dashboard_setuphistory-log-by-click5.php:944
actionbackwpup_cronhistory-log-by-click5.php:992
actionhttp_api_curlhistory-log-by-click5.php:1003
filterrecovery_mode_emailhistory-log-by-click5.php:1011
actionclick5_history_log_alerts_emailhistory-log-by-click5.php:1026
filterdisplay_default_error_templatehistory-log-by-click5.php:1068
filterwp_php_error_messagehistory-log-by-click5.php:1083
filtercron_scheduleshistory-log-by-click5.php:1104
actionclick5_add_every_minuteshistory-log-by-click5.php:1116
actionadmin_menuhistory-log-by-click5.php:1184
actionadmin_inithistory-log-by-click5.php:1188
actionactivated_pluginhistory-log-by-click5.php:1197
filterplugin_row_metahistory-log-by-click5.php:1207
action_core_updated_successfullyhistory-log-by-click5.php:1302
actionafter_switch_themehistory-log-by-click5.php:1317
actionswitch_themehistory-log-by-click5.php:1326
actiondelete_themehistory-log-by-click5.php:1335
actionwp_create_nav_menuhistory-log-by-click5.php:1345
actionwp_update_nav_menuhistory-log-by-click5.php:1354
actiondelete_nav_menuhistory-log-by-click5.php:1365
actionactivated_pluginhistory-log-by-click5.php:1374
actiondeactivated_pluginhistory-log-by-click5.php:1385
actiondelete_pluginhistory-log-by-click5.php:1396
actionupgrader_process_completehistory-log-by-click5.php:1408
actionregister_activation_hookhistory-log-by-click5.php:1494
actionautomatic_updates_completehistory-log-by-click5.php:1548
actionuser_registerhistory-log-by-click5.php:1589
actionpublish_pagehistory-log-by-click5.php:1653
actionpublish_posthistory-log-by-click5.php:1680
actionupdated_post_metahistory-log-by-click5.php:1706
actiondeleted_post_metahistory-log-by-click5.php:1802
actionadded_post_metahistory-log-by-click5.php:1819
actiontransition_comment_statushistory-log-by-click5.php:1884
actionspam_commenthistory-log-by-click5.php:1912
actionuntrashed_commenthistory-log-by-click5.php:1920
actiontrash_commenthistory-log-by-click5.php:1928
actiondelete_commenthistory-log-by-click5.php:1936
actionadd_attachmenthistory-log-by-click5.php:1944
actionedit_attachmenthistory-log-by-click5.php:1966
filterninja_forms_after_form_deletehistory-log-by-click5.php:2000
filterninja_forms_excluded_duplicate_form_settingshistory-log-by-click5.php:2011
actioninithistory-log-by-click5.php:2024
actionbsr_ajax_process_search_replacehistory-log-by-click5.php:2056
actionbsr_ajax_process_backuphistory-log-by-click5.php:2108
actionbsr_ajax_process_importhistory-log-by-click5.php:2129
actionadmin_post_bsr_download_backuphistory-log-by-click5.php:2152
filtershould_do_source_updateshistory-log-by-click5.php:2184
actiontransition_post_statushistory-log-by-click5.php:2223
actionuntrash_posthistory-log-by-click5.php:2549
actionwp_trash_posthistory-log-by-click5.php:2572
actiondelete_posthistory-log-by-click5.php:2595
actiondelete_userhistory-log-by-click5.php:2671
actionset_user_rolehistory-log-by-click5.php:2681
actionedit_user_profile_updatehistory-log-by-click5.php:2706
actioncreate_categoryhistory-log-by-click5.php:2708
actiondelete_categoryhistory-log-by-click5.php:2718
actionedited_categoryhistory-log-by-click5.php:2727
actioncreate_post_taghistory-log-by-click5.php:2738
actiondelete_post_taghistory-log-by-click5.php:2748
actionedit_post_taghistory-log-by-click5.php:2756
actionedit_termhistory-log-by-click5.php:2766
actioncreate_termhistory-log-by-click5.php:2794
actiondelete_termhistory-log-by-click5.php:2821
filterrest_request_before_callbackshistory-log-by-click5.php:2846
filterrest_request_after_callbackshistory-log-by-click5.php:2885
actionsheduled_emailhistory-log-by-click5.php:3068
filterredirection_create_redirecthistory-log-by-click5.php:3081
filterredirection_redirect_deletedhistory-log-by-click5.php:3099
filterredirection_redirect_updatedhistory-log-by-click5.php:3116
filtersite_status_test_resulthistory-log-by-click5.php:3138
filterwidget_update_callbackhistory-log-by-click5.php:3232
actiondynamic_sidebar_paramshistory-log-by-click5.php:3316
actionadmin_post_wpgmza_save_maphistory-log-by-click5.php:3389
filterwpgmza_create_WPGMZA\Maphistory-log-by-click5.php:3408
actionjetpack_deactivate_modulehistory-log-by-click5.php:3452
actionjetpack_activate_modulehistory-log-by-click5.php:3478
actiondp_duplicate_posthistory-log-by-click5.php:3504
actiondp_duplicate_pagehistory-log-by-click5.php:3521
actionduplicate_post_after_rewritinghistory-log-by-click5.php:3537
actionupdraft_backupnow_backup_allhistory-log-by-click5.php:3675
actionupdraft_backupnow_backuphistory-log-by-click5.php:3683
actionupdraft_backupnow_backup_databasehistory-log-by-click5.php:3690
actionupdraft_backup_allhistory-log-by-click5.php:3698
actionupdraft_backuphistory-log-by-click5.php:3706
actionupdraft_backup_databasehistory-log-by-click5.php:3713
filterupdraftplus_loglinehistory-log-by-click5.php:3720
actionduplicator_lite_build_database_completedhistory-log-by-click5.php:3728
actionadmin_inithistory-log-by-click5.php:3783
actionpll_add_languagehistory-log-by-click5.php:3957
actionpll_update_languagehistory-log-by-click5.php:3978
actiondelete_termhistory-log-by-click5.php:3997
actionpll_save_strings_translationshistory-log-by-click5.php:4009
actionpll_save_posthistory-log-by-click5.php:4018
actionedited_post_translationshistory-log-by-click5.php:4234
actionadmin_post_backwpuphistory-log-by-click5.php:4417
filterbackwpup_admin_pageshistory-log-by-click5.php:4432
actiontemplate_redirecthistory-log-by-click5.php:4654
actionstring_locator_post_save_actionhistory-log-by-click5.php:4728
filterstring_locator_directory_iterator_short_circuithistory-log-by-click5.php:4747
actionstring_locator_directory_iterator_short_circuithistory-log-by-click5.php:4751
filterwp_mailhistory-log-by-click5.php:4810
filterrest_request_after_callbackshistory-log-by-click5.php:4864
filterrest_request_before_callbackshistory-log-by-click5.php:4933
actionupdate_optionhistory-log-by-click5.php:5005
actionplugins_loadedhistory-log-by-click5.php:8698
actionadmin_enqueue_scriptshistory-log-by-click5.php:9163
actionwp_loginhistory-log-by-click5.php:9294
actionfuture_to_publishhistory-log-by-click5.php:9296
actionprofile_updatehistory-log-by-click5.php:9312
actionafter_password_resethistory-log-by-click5.php:9326

Scheduled Events 2

click5_add_every_minutes
sheduled_email
Maintenance & Trust

History Log by click5 Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedSep 29, 2023
PHP min version7.0
Downloads10K

Community Trust

Rating100/100
Number of ratings2
Active installs400
Alternatives

History Log by click5 Alternatives

NextCellent Simple History

NextCellent Simple History

ngg-simple-history

A
85

Add Simple History integration for NextCellent.

70 No CVEs
Simple History – Track, Log, and Audit WordPress Changes

Simple History – Track, Log, and Audit WordPress Changes

simple-history

A
96

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

300K 4 CVEs
WP Activity Log

WP Activity Log

wp-security-audit-log

B
82

The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.

300K 11 CVEs
Adminify Activity Logs

Adminify Activity Logs

adminify-activity-logs

A
100

Track WordPress dashboard activities with this free plugin. Monitor user actions, filter by time, role for complete site security and accountability

200 No CVEs
Ambiscale Activity Manager

Ambiscale Activity Manager

ambiscale-activity-manager

A
100

Monitor your website by logging all activities - from user behavior to system-level changes - giving you complete visibility directly from dashboard.

70 No CVEs
Developer Profile

History Log by click5 Developer Profile

click5

6 plugins · 7K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
375 days
View full developer profile
Detection Fingerprints

How We Detect History Log by click5

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/history-log-by-click5/css/style.css/wp-content/plugins/history-log-by-click5/js/custom.js
Script Paths
/wp-content/plugins/history-log-by-click5/js/custom.js
Version Parameters
history-log-by-click5/css/style.css?ver=history-log-by-click5/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes
click5_history_log_table
Data Attributes
data-plugin-name="history-log-by-click5"
JS Globals
click5_history_log_vars
FAQ

Frequently Asked Questions about History Log by click5