LogDash Activity Log Security & Risk Analysis

wordpress.org/plugins/logdash-activity-log

The ultimate solution for tracking activities and security issues on your WordPress site.

100 active installs · v1.2 · PHP 7.4+ · WP 5.9.5+ · Updated Jul 11, 2024
Tags: activity-log, audit-log, user-activity, user-log
Score: 90 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 26, 2023
Safety Verdict

Is LogDash Activity Log Safe to Use in 2026?

Generally Safe

Score 90/100

LogDash Activity Log has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 26, 2023 · Updated 1yr ago
Risk Assessment

The "logdash-activity-log" plugin v1.2 exhibits a generally positive security posture, with a strong adherence to modern WordPress security practices. The static analysis reveals a small attack surface consisting of two entry points, both of which appear to have appropriate authentication and permission checks. The use of prepared statements for all SQL queries is commendable, and a high percentage of output is properly escaped, significantly mitigating common web vulnerabilities like XSS. The absence of unsanitized paths in taint analysis and no detected critical or high-severity taint flows further bolster confidence in the code's safety.

However, a significant concern arises from the presence of a dangerous function, `unserialize`. While the static analysis doesn't explicitly show a vulnerable flow related to it, `unserialize` is inherently risky when processing untrusted input, as it can lead to Remote Code Execution if not handled with extreme caution and proper input validation. Furthermore, the plugin's vulnerability history includes a past critical vulnerability, identified as SQL Injection. Although this critical issue is marked as patched (in 1.1.4), the fact that it existed and was critical indicates a potential for past oversight in security practices. The plugin does have nonce checks and capability checks, but their presence across all identified entry points is not explicitly detailed, and there are only a few instances of each noted in the static analysis.

In conclusion, "logdash-activity-log" v1.2 has strengths in its secure handling of SQL and output escaping, and a well-controlled attack surface. The primary weaknesses are the presence of the `unserialize` function, which demands careful scrutiny, and the historical critical vulnerability, which suggests a need for continued vigilance and rigorous testing. The limited number of nonce and capability checks, while present, might warrant further investigation to ensure comprehensive coverage of all potential attack vectors.

Key Concerns

  • Presence of dangerous unserialize function
  • Past critical vulnerability (SQL Injection)
  • Limited nonce checks found (3)
  • Limited capability checks found (2)
Vulnerabilities
1

LogDash Activity Log Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Critical: 1

1 total CVE

CVE-2023-6030 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection

Oct 26, 2023 Patched in 1.1.4 (137d)
Code Analysis
Analyzed Mar 16, 2026

LogDash Activity Log Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (34 prepared)
  • Unescaped Output: 8 (90 escaped)
  • Nonce Checks: 3
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · `return implode( ', ', unserialize( $value ) );` · src\Hooks\Users.php:447

SQL Query Safety

100% prepared · 34 total queries

Output Escaping

92% escaped · 98 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
display_events_page (src\Admin\EventsAdminPage.php:50)
Attack Surface

LogDash Activity Log Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_logdash_reset_log · src\Actions\ResetLog.php:38

REST API Routes 1

GET · /wp-json/logdash/v1/ip/(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) · src\API\RestEndpoints.php:17

WordPress Hooks 63

action · init · src\Actions\RemoveExpiredLog.php:32
action · delete_expired_log · src\Actions\RemoveExpiredLog.php:33
action · admin_enqueue_scripts · src\ActivityLog.php:35
action · wp_enqueue_scripts · src\ActivityLog.php:36
action · admin_menu · src\Admin\EventsAdminPage.php:22
action · admin_menu · src\Admin\EventsAdminPage.php:23
action · admin_menu · src\Admin\Settings.php:22
action · admin_init · src\Admin\Settings.php:23
action · init · src\Admin\Settings.php:24
action · rest_api_init · src\API\RestEndpoints.php:12
action · _core_updated_successfully · src\Hooks\Core.php:23
action · add_attachment · src\Hooks\Files.php:21
action · delete_attachment · src\Hooks\Files.php:22
action · admin_init · src\Hooks\Files.php:23
action · learndash_course_completed · src\Hooks\LearnDash.php:32
action · update_post_meta · src\Hooks\Meta.php:25
action · updated_post_meta · src\Hooks\Meta.php:26
action · added_post_meta · src\Hooks\Meta.php:27
action · deleted_post_meta · src\Hooks\Meta.php:28
filter · logdash_manage_columns-post-content_event_meta · src\Hooks\Meta.php:29
action · admin_init · src\Hooks\Plugins.php:25
action · activated_plugin · src\Hooks\Plugins.php:26
action · deactivated_plugin · src\Hooks\Plugins.php:27
action · delete_plugin · src\Hooks\Plugins.php:28
action · deleted_plugin · src\Hooks\Plugins.php:29
action · upgrader_process_complete · src\Hooks\Plugins.php:30
action · shutdown · src\Hooks\Plugins.php:31
action · pre_post_update · src\Hooks\Posts.php:57
action · wp_trash_post · src\Hooks\Posts.php:58
action · untrash_post · src\Hooks\Posts.php:59
action · delete_post · src\Hooks\Posts.php:60
action · post_stuck · src\Hooks\Posts.php:61
action · post_unstuck · src\Hooks\Posts.php:62
action · save_post · src\Hooks\Posts.php:63
action · added_post_meta · src\Hooks\Posts.php:64
action · update_post_meta · src\Hooks\Posts.php:65
action · updated_post_meta · src\Hooks\Posts.php:66
action · deleted_post_meta · src\Hooks\Posts.php:67
action · set_object_terms · src\Hooks\Posts.php:68
action · added_option · src\Hooks\Settings.php:65
action · delete_option · src\Hooks\Settings.php:66
action · deleted_option · src\Hooks\Settings.php:67
action · updated_option · src\Hooks\Settings.php:68
action · create_term · src\Hooks\Taxonomies.php:28
action · delete_term · src\Hooks\Taxonomies.php:29
action · edit_term · src\Hooks\Taxonomies.php:30
action · edited_term · src\Hooks\Taxonomies.php:31
filter · logdash_manage_columns-tag-content_event_meta · src\Hooks\Taxonomies.php:33
filter · logdash_manage_columns-category-content_event_meta · src\Hooks\Taxonomies.php:34
filter · logdash_manage_columns-taxonomy-content_event_meta · src\Hooks\Taxonomies.php:35
action · admin_init · src\Hooks\Themes.php:27
action · switch_theme · src\Hooks\Themes.php:28
action · delete_theme · src\Hooks\Themes.php:29
action · deleted_theme · src\Hooks\Themes.php:30
action · upgrader_process_complete · src\Hooks\Themes.php:31
action · shutdown · src\Hooks\Themes.php:32
action · user_register · src\Hooks\Users.php:26
action · deleted_user · src\Hooks\Users.php:27
action · profile_update · src\Hooks\Users.php:28
action · wp_login · src\Hooks\Users.php:29
action · wp_logout · src\Hooks\Users.php:30
action · wp_login_failed · src\Hooks\Users.php:31
action · admin_init · src\Hooks\Users.php:34

Scheduled Events 1

delete_expired_log
Maintenance & Trust

LogDash Activity Log Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 11, 2024
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

LogDash Activity Log Developer Profile

Deryck

3 plugins · 400 total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 93 days
Detection Fingerprints

How We Detect LogDash Activity Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/logdash-activity-log/assets/build/index.js
/wp-content/plugins/logdash-activity-log/assets/build/index.css
Script Paths
/wp-content/plugins/logdash-activity-log/assets/build/index.js
Version Parameters
logdash-activity-log/assets/build/index.js?ver=
logdash-activity-log/assets/build/index.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-logdash-events-page
REST Endpoints
/wp-json/logdash/v1/ip/