WP-Safety

Nashaat Activity Log Security & Risk Analysis

wordpress.org/plugins/nashaat-activity-log

Log site editors activity

10 active installs v1.2.4 PHP 7.0+ WP 5.3+ Updated Unknown
activityeventlogmonitorwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Nashaat Activity Log Safe to Use in 2026?

Generally Safe

Score 100/100

Nashaat Activity Log has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'nashaat-activity-log' plugin v1.2.4 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, and the code generally follows good practices like using prepared statements for most SQL queries and properly escaping a high percentage of outputs. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors. However, concerns arise from the static analysis. A significant weakness is the presence of one AJAX handler that lacks authentication checks, creating an unprotected entry point. Furthermore, the taint analysis revealed one flow with an unsanitized path, which, although not classified as critical or high severity, still represents a potential avenue for exploitation if an attacker can control the input leading to that path. The limited number of flows analyzed by taint analysis might also mean that other potentially problematic flows were not identified.

Key Concerns

  • Unprotected AJAX handler
  • Taint flow with unsanitized path
  • SQL queries not using prepared statements (2/5)
Vulnerabilities
None known

Nashaat Activity Log Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Nashaat Activity Log Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
6 prepared
Unescaped Output
2
27 escaped
Nonce Checks
2
Capability Checks
3
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared12 total queries

Output Escaping

93% escaped29 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
render_nashaat_log_table (includes\nashaat.class.php:144)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Nashaat Activity Log Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_delete_single_recordincludes\logs-table.class.php:25
authwp_ajax_purge_log_dataincludes\settings.class.php:23
WordPress Hooks 11
filternashaat_translationshooks\gravity\gravity.class.php:17
filternashaat_translationsincludes\base-hook.class.php:120
actionadmin_initincludes\nashaat.class.php:27
actionadmin_initincludes\nashaat.class.php:28
actionadmin_menuincludes\nashaat.class.php:30
actionadmin_enqueue_scriptsincludes\nashaat.class.php:32
filterset-screen-optionincludes\nashaat.class.php:33
actionadmin_initincludes\settings.class.php:22
actionnashaat_cron_purge_after_daysincludes\settings.class.php:30
actionnashaat_initindex.php:24
actionplugins_loadedsetup.class.php:33

Scheduled Events 1

nashaat_cron_purge_after_days
Maintenance & Trust

Nashaat Activity Log Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedUnknown
PHP min version7.0
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Nashaat Activity Log Alternatives

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity

logtivity

A
100

Logtivity is the activity log service for WordPress admins. Logtivity is a unified activity log platform that tracks activity and errors across all yo …

2K No CVEs
Simple History – Track, Log, and Audit WordPress Changes

Simple History – Track, Log, and Audit WordPress Changes

simple-history

A
96

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

300K 4 CVEs
WP Activity Log

WP Activity Log

wp-security-audit-log

B
82

The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.

300K 11 CVEs
Honeypot Toolkit

Honeypot Toolkit

honeypot-toolkit

A
100

Automatically insert Project Honeypot links into your pages and block IP addresses that are listed on various block lists you can choose from.

400 No CVEs
Adminify Activity Logs

Adminify Activity Logs

adminify-activity-logs

A
100

Track WordPress dashboard activities with this free plugin. Monitor user actions, filter by time, role for complete site security and accountability

200 No CVEs
Developer Profile

Nashaat Activity Log Developer Profile

Kalimah Apps

4 plugins · 1K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Nashaat Activity Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nashaat-activity-log/css/main-style.css/wp-content/plugins/nashaat-activity-log/js/main-script.js/wp-content/plugins/nashaat-activity-log/css/settings-style.css/wp-content/plugins/nashaat-activity-log/js/settings-script.js
Version Parameters
nashaat-activity-log/css/main-style.css?ver=nashaat-activity-log/js/main-script.js?ver=nashaat-activity-log/css/settings-style.css?ver=nashaat-activity-log/js/settings-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
nashaat-log-filternashaat-log-table
HTML Comments
<!-- WooCommerce --><!-- Gravity --><!-- User switching --><!-- WP Crontrol -->+2 more
Data Attributes
data:image/svg+xml;base64,
JS Globals
vars.nashaat_nonce
FAQ

Frequently Asked Questions about Nashaat Activity Log