WP-Safety

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Security & Risk Analysis

wordpress.org/plugins/logtivity

Logtivity is the activity log service for WordPress admins. Logtivity is a unified activity log platform that tracks activity and errors across all yo …

2K active installs v3.3.7 PHP 7.4+ WP 4.7+ Updated Apr 15, 2026
activity-logerror-logerror-logsevent-monitoringuser-activity
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 8, 2026
Plugin page Download
Safety Verdict

Is Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Safe to Use in 2026?

Generally Safe

Score 99/100

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 8, 2026Updated 29d ago
Risk Assessment

The logtivity plugin, version 3.3.6, exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent adherence to secure coding practices by implementing robust authentication and permission checks across all identified entry points, including its AJAX handlers and REST API routes. The absence of dangerous functions, raw SQL queries, file operations, and critical or high-severity taint flows further bolsters this positive assessment. The presence of nonce and capability checks further indicates a conscious effort to protect against common WordPress attack vectors.

However, there are a couple of areas for potential improvement. While the overall output escaping is at 63%, this means a significant portion of outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is involved in these unescaped outputs. Additionally, the plugin makes two external HTTP requests, which, while not inherently a vulnerability, represent an external dependency that could be a vector for future issues if the external service is compromised or if data is not handled securely during the request and response.

The vulnerability history being entirely clear is a significant strength, suggesting a mature and well-maintained codebase. The lack of any recorded CVEs, common vulnerability types, or recent past issues indicates a likely commitment to security by the developers. In conclusion, logtivity 3.3.6 appears to be a secure plugin with a strong foundation, but the moderate rate of unescaped output warrants attention to prevent potential XSS flaws.

Key Concerns

  • Moderate rate of unescaped output
  • External HTTP requests present
Vulnerabilities
1 published

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8198medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

May 8, 2026 Patched in 3.3.7 (1d)
Version History

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Release Timeline

v3.3.7Current
v3.3.61 CVE
CVE-2026-8198
v3.3.51 CVE
CVE-2026-8198
v3.3.41 CVE
CVE-2026-8198
v3.3.31 CVE
CVE-2026-8198
v3.3.21 CVE
CVE-2026-8198
v3.3.11 CVE
CVE-2026-8198
v3.3.01 CVE
CVE-2026-8198
v3.2.11 CVE
CVE-2026-8198
v3.2.01 CVE
CVE-2026-8198
v3.1.121 CVE
CVE-2026-8198
v3.1.111 CVE
CVE-2026-8198
v3.1.101 CVE
CVE-2026-8198
v3.1.91 CVE
CVE-2026-8198
v3.1.81 CVE
CVE-2026-8198
v3.1.71 CVE
CVE-2026-8198
v3.1.61 CVE
CVE-2026-8198
v3.1.51 CVE
CVE-2026-8198
v3.1.41 CVE
CVE-2026-8198
v3.1.31 CVE
CVE-2026-8198
Code Analysis
Analyzed Mar 16, 2026

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
38
66 escaped
Nonce Checks
5
Capability Checks
9
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

63% escaped104 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
dismiss (Core\Admin\Logtivity_Dismiss_Notice_Controller.php:55)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 7

authwp_ajax_logtivity_update_settingsCore\Admin\Logtivity_Admin.php:45
noprivwp_ajax_logtivity_update_settingsCore\Admin\Logtivity_Admin.php:46
authwp_ajax_logtivity_register_siteCore\Admin\Logtivity_Admin.php:48
noprivwp_ajax_logtivity_dismiss_noticeCore\Admin\Logtivity_Dismiss_Notice_Controller.php:40
authwp_ajax_logtivity_dismiss_noticeCore\Admin\Logtivity_Dismiss_Notice_Controller.php:41
noprivwp_ajax_logtivity_log_index_filterCore\Admin\Logtivity_Log_Index_Controller.php:33
authwp_ajax_logtivity_log_index_filterCore\Admin\Logtivity_Log_Index_Controller.php:34

REST API Routes 1

GET/wp-json/logtivity/v1/optionsCore\Services\Logtivity_Rest_Endpoints.php:39
WordPress Hooks 99
actionadmin_menuCore\Admin\Logtivity_Admin.php:43
filterlogtivity_hide_from_menuCore\Admin\Logtivity_Admin.php:50
filterall_pluginsCore\Admin\Logtivity_Admin.php:51
actionwp_logtivity_instanceCore\Services\Logtivity_Check_For_Disabled_Individual_Logs.php:34
actionafter_setup_themeCore\Services\Logtivity_Check_For_New_Settings.php:29
actionrest_api_initCore\Services\Logtivity_Rest_Endpoints.php:38
filterthe_titlefunctions\functions.php:90
actioncode_snippets/delete_snippetLoggers\Code_Snippets\Logtivity_Code_Snippets.php:30
actioncode_snippets/create_snippetLoggers\Code_Snippets\Logtivity_Code_Snippets.php:31
actioncode_snippets/update_snippetLoggers\Code_Snippets\Logtivity_Code_Snippets.php:32
actioncode_snippets/activate_snippetLoggers\Code_Snippets\Logtivity_Code_Snippets.php:33
actioncode_snippets/deactivate_snippetLoggers\Code_Snippets\Logtivity_Code_Snippets.php:34
actioncomment_postLoggers\Core\Logtivity_Comment.php:29
actionwp_set_comment_statusLoggers\Core\Logtivity_Comment.php:30
actionunspam_commentLoggers\Core\Logtivity_Comment.php:31
actionupgrader_process_completeLoggers\Core\Logtivity_Core.php:109
actionwp_update_nav_menuLoggers\Core\Logtivity_Core.php:110
actioninitLoggers\Core\Logtivity_Core.php:111
actionpermalink_structure_changedLoggers\Core\Logtivity_Core.php:112
actionupdate_optionLoggers\Core\Logtivity_Core.php:113
filterwidget_update_callbackLoggers\Core\Logtivity_Core.php:115
actionactivated_pluginLoggers\Core\Logtivity_Plugin.php:32
actiondeactivated_pluginLoggers\Core\Logtivity_Plugin.php:33
actionupgrader_process_completeLoggers\Core\Logtivity_Plugin.php:34
actiondeleted_pluginLoggers\Core\Logtivity_Plugin.php:35
filtereditable_extensionsLoggers\Core\Logtivity_Plugin.php:37
actionadded_post_metaLoggers\Core\Logtivity_Post.php:123
actionupdated_post_metaLoggers\Core\Logtivity_Post.php:124
actiondelete_post_metaLoggers\Core\Logtivity_Post.php:125
actionpre_post_updateLoggers\Core\Logtivity_Post.php:129
actionsave_postLoggers\Core\Logtivity_Post.php:130
actionbefore_delete_postLoggers\Core\Logtivity_Post.php:131
actionafter_delete_postLoggers\Core\Logtivity_Post.php:132
actionset_object_termsLoggers\Core\Logtivity_Post.php:135
filterwp_handle_uploadLoggers\Core\Logtivity_Post.php:139
actiondeleted_postLoggers\Core\Logtivity_Post.php:141
actionedit_termLoggers\Core\Logtivity_Term.php:50
actionsaved_termLoggers\Core\Logtivity_Term.php:51
actiondelete_termLoggers\Core\Logtivity_Term.php:52
actionswitch_themeLoggers\Core\Logtivity_Theme.php:32
actionupgrader_process_completeLoggers\Core\Logtivity_Theme.php:33
filterwp_theme_editor_filetypesLoggers\Core\Logtivity_Theme.php:34
actioncustomize_saveLoggers\Core\Logtivity_Theme.php:35
actiondelete_site_transient_update_themesLoggers\Core\Logtivity_Theme.php:36
actionwp_loginLoggers\Core\Logtivity_User.php:42
actionwp_logoutLoggers\Core\Logtivity_User.php:43
actionuser_registerLoggers\Core\Logtivity_User.php:44
actiondeleted_userLoggers\Core\Logtivity_User.php:45
actionpersonal_options_updateLoggers\Core\Logtivity_User.php:47
actionedit_user_profile_updateLoggers\Core\Logtivity_User.php:48
actionupdate_user_metaLoggers\Core\Logtivity_User.php:49
actionprofile_updateLoggers\Core\Logtivity_User.php:50
actionretrieve_passwordLoggers\Core\Logtivity_User.php:51
actionwp_set_passwordLoggers\Core\Logtivity_User.php:52
actionset_user_roleLoggers\Core\Logtivity_User.php:55
actiondlm_downloadingLoggers\Download_Monitor\Logtivity_Download_Monitor.php:32
actionedd_sl_store_licenseLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:30
filteredd_sl_post_activate_license_resultLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:31
filteredd_sl_pre_deactivate_license_argsLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:32
actionedd_sl_deactivate_licenseLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:33
actionedd_sl_license_upgradedLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:34
actionedd_sl_post_set_statusLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:35
actionedd_sl_post_license_renewalLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:36
actionedd_deactivate_siteLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:37
actionedd_insert_siteLoggers\Easy_Digital_Downloads\Licensing\Logtivity_Easy_Digital_Downloads_Software_Licensing.php:38
actionedd_post_add_to_cartLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:29
actionedd_post_remove_from_cartLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:30
actionedd_customer_post_createLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:31
actionedd_update_payment_statusLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:32
actionedd_process_verified_downloadLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:33
actionedd_cart_discount_setLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:34
actionedd_cart_discount_removedLoggers\Easy_Digital_Downloads\Logtivity_Easy_Digital_Downloads.php:35
actionedd_subscription_post_renewLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:29
actionedd_subscription_post_createLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:30
actionedd_recurring_update_subscriptionLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:31
actionedd_subscription_status_changeLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:32
actionedd_recurring_before_delete_subscriptionLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:33
actionedd_recurring_update_subscription_payment_methodLoggers\Easy_Digital_Downloads\Recurring\Logtivity_Easy_Digital_Downloads_Recurring.php:34
actionfrm_after_create_entryLoggers\Formidable\Logtivity_Formidable.php:39
actionmepr-event-member-signup-completedLoggers\Memberpress\Logtivity_Memberpress.php:185
actionmepr-event-subscription-createdLoggers\Memberpress\Logtivity_Memberpress.php:186
actionmepr-event-subscription-pausedLoggers\Memberpress\Logtivity_Memberpress.php:187
actionmepr-event-subscription-resumedLoggers\Memberpress\Logtivity_Memberpress.php:188
actionmepr-event-subscription-stoppedLoggers\Memberpress\Logtivity_Memberpress.php:189
actioninitLoggers\Memberpress\Logtivity_Memberpress.php:190
filtermepr_create_transactionLoggers\Memberpress\Logtivity_Memberpress.php:191
filtermepr_update_transactionLoggers\Memberpress\Logtivity_Memberpress.php:192
actionmepr_email_sentLoggers\Memberpress\Logtivity_Memberpress.php:193
actionmepr-process-optionsLoggers\Memberpress\Logtivity_Memberpress.php:194
actionpmxi_before_xml_importLoggers\WP_All_Import\Logtivity_WP_All_Import.php:38
actionpmxi_after_xml_importLoggers\WP_All_Import\Logtivity_WP_All_Import.php:39
actionwp_logtivity_instanceLoggers\WP_All_Import\Logtivity_WP_All_Import.php:85
actionupgrader_process_completelogtivity.php:75
actionactivated_pluginlogtivity.php:76
actionadmin_noticeslogtivity.php:77
actionadmin_noticeslogtivity.php:78
actionadmin_enqueue_scriptslogtivity.php:79
actionadmin_initlogtivity.php:80
actionplugins_loadedlogtivity.php:131
Maintenance & Trust

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads47K

Community Trust

Rating100/100
Number of ratings4
Active installs2K
Alternatives

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Alternatives

Activity Log Pro – Event Logger, Activity Monitor & Audit Log

Activity Log Pro – Event Logger, Activity Monitor & Audit Log

activity-log-pro

A
100

Professional WordPress Activity Log. Track logins, user actions, content changes, and system events to see who did what, when, and where.

200 No CVEs
LogDash Activity Log

LogDash Activity Log

logdash-activity-log

A
90

The ultimate solution for tracking activities and security issues on your WordPress site.

100 1 CVE
Activity Track – User Activity Log

Activity Track – User Activity Log

activity-track

A
100

User activity log for WordPress — track logins, edits, and admin actions with real-time alerts, audit trail, and AI-powered summaries.

10 No CVEs
Stalkfish – Error Monitoring and Activity Log Monitoring

Stalkfish – Error Monitoring and Activity Log Monitoring

stalkfish

A
85

Stalkfish actively tracks error, crashes, and activity log on your WordPress site and sends them to your Stalkfish dashboard.

10 No CVEs
User Logs

User Logs

user-logs

A
100

User Logs plugin allows you to monitor user activity on your website. View user logins, logouts, comments and user registrations.

10 No CVEs
Developer Profile

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Developer Profile

Logtivity Activity Logs

1 plugin · 2K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/logtivity/Logtivity.php/wp-content/plugins/logtivity/Core/UpdateChecker.php/wp-content/plugins/logtivity/Core/Logtivity_Options.php/wp-content/plugins/logtivity/Core/Logtivity_Admin.php/wp-content/plugins/logtivity/Core/Logtivity_Ajax.php/wp-content/plugins/logtivity/Core/Logtivity_API.php/wp-content/plugins/logtivity/Core/Logtivity_Logger.php/wp-content/plugins/logtivity/Core/Logtivity_Helpers.php+29 more

HTML / DOM Fingerprints

CSS Classes
logtivity-admin-wraplogtivity-main-contentlogtivity-tablelogtivity-filter-formlogtivity-log-detail
HTML Comments
Logtivity is free software: you can redistribute it and/or modifyLogtivity is distributed in the hope that it will be usefulThis file is part of Logtivity.
Data Attributes
data-logtivity-iddata-logtivity-type
JS Globals
logtivity_settingslogtivity_ajax_url
REST Endpoints
/wp-json/logtivity/v1/logs/wp-json/logtivity/v1/settings
FAQ

Frequently Asked Questions about Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity