Does User Activity Logger have any unpatched vulnerabilities?

No. All known vulnerabilities in User Activity Logger have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is User Activity Logger compatible with WordPress 4.9.29?

According to WordPress.org data, User Activity Logger 0.0.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is User Activity Logger compatible with PHP 5.4+?

User Activity Logger requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is User Activity Logger updated?

User Activity Logger was last updated on Dec 5, 2017. Frequent updates are generally a positive security signal.

What is User Activity Logger's security score?

User Activity Logger has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Activity Logger Security & Risk Analysis

wordpress.org/plugins/user-activity-logger

User Activity Logger

10 active installs v0.0.2 PHP 5.4+ WP 3.8+ Updated Dec 5, 2017

activity-trackerloggeruser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is User Activity Logger Safe to Use in 2026?

Generally Safe

Score 85/100

User Activity Logger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'user-activity-logger' plugin v0.0.2 presents a mixed security posture. On the positive side, it demonstrates good security practices by having no recorded CVEs, no critical or high severity taint flows, and utilizing prepared statements for all SQL queries. The presence of nonce and capability checks on its single AJAX handler is also a strong indicator of security awareness. However, a significant concern lies in its output escaping. With only 10% of its 40 total outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This means user-supplied data, if not handled carefully, could be injected into the output and executed by the browser.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

User Activity Logger Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

User Activity Logger Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

10% escaped40 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

klick_ual_ajax_handler (user-activity-logger.php:188)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User Activity Logger Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_klick_ual_ajaxuser-activity-logger.php:63

WordPress Hooks 6

actionall_admin_noticesincludes\class-klick-ual-dashboard.php:43

actionadmin_menuuser-activity-logger.php:65

actionplugins_loadeduser-activity-logger.php:67

actionplugins_loadeduser-activity-logger.php:69

actionwp_loginuser-activity-logger.php:71

actionwp_logoutuser-activity-logger.php:73

Maintenance & Trust

User Activity Logger Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedDec 5, 2017

PHP min version5.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

User Activity Logger Alternatives

Adminify Activity Logs

adminify-activity-logs

100

Track WordPress dashboard activities with this free plugin. Monitor user actions, filter by time, role for complete site security and accountability

200 No CVEs

WP Cron Viewer and Manager

wp-cron-viewer-and-manager

Cron Viewer and Manager will help you view your WordPress Cron events right from the admin dashboard

10 No CVEs

WP Activity Log

wp-security-audit-log

The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.

300K 11 CVEs

Complete Security, Activity Log & WooCommerce Analytics Tracker – Activity Guard

notifier-to-slack

100

Track user, support forum & system activity log, monitor WooCommerce analytics with complete WordPress Security with activity guard.

60 No CVEs

Unbranded Portal Connector

unbranded-portal-connector

100

Log all of your user activity and report directly into your Unbranded Portal, without bloating your database.

50 No CVEs

Developer Profile

User Activity Logger Developer Profile

klickonit

17 plugins · 130 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Activity Logger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-activity-logger/assets/css/user-activity-logger.css/wp-content/plugins/user-activity-logger/assets/js/user-activity-logger.js

Script Paths

/wp-content/plugins/user-activity-logger/assets/js/user-activity-logger.js

Version Parameters

user-activity-logger/assets/css/user-activity-logger.css?ver=user-activity-logger/assets/js/user-activity-logger.js?ver=

HTML / DOM Fingerprints

CSS Classes

klick-ual-dashboard-wrap

HTML Comments

+8 more

Data Attributes

data-klick-ual-nonce

JS Globals

Klick_Ual

FAQ