[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTAq_NNqg2Ir8RRtsHDFXrFZH_F1ZyebrdDse1RyqH-Y":3,"$foeB6zzujYEpAkm8y2UmnBz6OEivsTAnsqPlo7n2BFjU":1433,"$fH9rCZRcNzvTpiYw7kwBLC-i6w0t44ku6gR64RwfIMJM":1437},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":122,"crawl_stats":39,"alternatives":129,"analysis":249,"fingerprints":1413},"winterlock","Activity Log for WordPress","1.2.9","activity-log.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fswitcorp\u002F","\u003Ch3>WP System Log \u002F Activity Log for WordPress\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FVWI1WvlQQa8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>New most detailed \u003Cstrong>WP User Tracking\u003C\u002Fstrong>, Control and \u003Cstrong>Requests Logging Plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You will see very detailed report what people or even other plugins are doing on your site, then block or be alerted on such requests or even logout user immediately.\u003C\u002Fp>\n\u003Cp>Detect any request, activity log and control based on specific criteria, lock, block, email alert, hide etc.\u003C\u002Fp>\n\u003Cp>Working based on low level logging, can log any user 
request. This may help you to monitor any user, any plugin and investigate possible problems.\u003C\u002Fp>\n\u003Cp>Plugin is made with performance in mind, built on optimized custom tables.\u003C\u002Fp>\n\u003Cp>Just install it and everything will work without any special setup.\u003C\u002Fp>\n\u003Cp>If you have any trouble or suggestion feel free to contact us, we are always looking for improvements: support@swit.hr\u003C\u002Fp>\n\u003Cp>If you need more detailed time tracking log check our Activity Time plugin: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Factivitytime\u002F\u003C\u002Fp>\n\u003Cp>We now also have an official website: \u003Ca href=\"https:\u002F\u002Factivity-log.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Factivity-log.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>And GitHub Knowledge Base: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsandiwinter\u002Fwordpress-activity-log\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsandiwinter\u002Fwordpress-activity-log\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Activity Log for WordPress Standard Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Very detailed requests log\u003C\u002Fli>\n\u003Cli>Detail Search Filters\u003C\u002Fli>\n\u003Cli>User Steps Behaviour Tracking\u003C\u002Fli>\n\u003Cli>Works with all plugins\u003C\u002Fli>\n\u003Cli>Track specific user requests history\u003C\u002Fli>\n\u003Cli>Hide logs by criteria\u003C\u002Fli>\n\u003Cli>General Search Filter\u003C\u002Fli>\n\u003Cli>Detail Search Filters\u003C\u002Fli>\n\u003Cli>Fast pagination with Ajax\u003C\u002Fli>\n\u003Cli>Disable User Sessions\u002FLogout user\u003C\u002Fli>\n\u003Cli>User Login Time and Session Time in WP\u003C\u002Fli>\n\u003Cli>See Logged Users\u003C\u002Fli>\n\u003Cli>Favorite \u002F Save Logs for later usage\u003C\u002Fli>\n\u003Cli>Retroactive History System Log Before Plugin is installed\u003C\u002Fli>\n\u003Cli>Retroactive History System Log Export\u003C\u002Fli>\n\u003Cli>View changes in posts 
revision\u003C\u002Fli>\n\u003Cli>Will log all requests in any plugin\u003C\u002Fli>\n\u003Cli>Intrusion detection system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Activity Log for WordPress Premium features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All level logs\u003C\u002Fli>\n\u003Cli>Email Notifications\u003C\u002Fli>\n\u003Cli>Block System\u003C\u002Fli>\n\u003Cli>Unlimited days logging\u003C\u002Fli>\n\u003Cli>Block users on fail login attemps\u003C\u002Fli>\n\u003Cli>Log reports and exports\u003C\u002Fli>\n\u003Cli>Automated Reports by Email\u003C\u002Fli>\n\u003Cli>Automated Events by SMS\u003C\u002Fli>\n\u003Cli>Login alert by SMS, WhatsApp or Email\u003C\u002Fli>\n\u003Cli>Live Monitoring \u003C\u002Fli>\n\u003Cli>Cloud integration\u003C\u002Fli>\n\u003Cli>Priority Support \u003C\u002Fli>\n\u003Cli>Log By User Role\u003C\u002Fli>\n\u003Cli>Sessions CSV Export\u003C\u002Fli>\n\u003Cli>Automatically disable brute force attack on login forms\u003C\u002Fli>\n\u003Cli>Export User Login Time and Session Time in WP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We using images and apis from wordpress.org to show plugin details\u003C\u002Fp>\n\u003Ch3>Update\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Dashboard, Update\u003C\u002Fli>\n\u003C\u002Fol>\n","Detailed WordPress Activity Log with user request tracking, instant logout, request restrictions, locking, blocking, alerts, and more.",60,10536,88,7,"2026-02-11T21:30:00.000Z","6.9.4","5.0","",[20,21,22,23,24],"access-restriction","activity-log","events-log","requests-log","system-log","https:\u002F\u002Factivity-log.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.zip",95,4,0,"2026-03-17 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,70,91,106],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":59,"research_verified":60,"research_rounds_completed":61,"research_plan":62,"research_summary":63,"research_vulnerable_code":64,"research_fix_diff":65,"research_exploit_outline":66,"research_model_used":67,"research_started_at":68,"research_completed_at":69,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":60,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-24987","activity-log-for-wordpress-missing-authorization","Activity Log for WordPress \u003C= 1.2.7 - Missing Authorization","The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.7. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.2.7","1.2.8","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-27 20:25:37",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faa93cf13-0578-447e-8b03-24f5f48fc782?source=api-prod",11,[51,52,53,54,55,56,57,58],"README.txt","application\u002Fcontrollers\u002FWal_cloudintegration.php","application\u002Fcontrollers\u002FWal_controlsecurity.php","application\u002Fcontrollers\u002FWal_disabledlogs.php","application\u002Fcontrollers\u002FWal_history.php","application\u002Fcontrollers\u002FWal_logalerts.php","application\u002Fcontrollers\u002FWal_reports.php","application\u002Fcontrollers\u002FWal_usersessions.php","researched",false,3,"# Exploitation Research Plan: CVE-2026-24987 (Activity Log for WordPress)\n\n## 1. Vulnerability Summary\nThe **Activity Log for WordPress (winterlock)** plugin \u003C= 1.2.7 suffers from a **Missing Authorization** vulnerability. The plugin uses a custom MVC framework (Winter MVC) where controller methods are mapped to `admin.php` pages via the `page` and `function` query parameters. Multiple sensitive functions in controllers like `Wal_history`, `Wal_reports`, and `Wal_cloudintegration` lack capability checks (`current_user_can` or the plugin's internal `wal_access_allowed`) and nonce verification. This allows authenticated users with Subscriber-level access to perform unauthorized actions, such as modifying log favorites or creating system reports.\n\n## 2. 
Attack Vector Analysis\n- **Endpoint**: `\u002Fwp-admin\u002Fadmin.php`\n- **Query Parameters**: \n    - `page`: The controller slug (e.g., `wal_history`, `wal_reports`).\n    - `function`: The method to execute (e.g., `save_history`, `report_edit`).\n- **Required Role**: Subscriber (or any authenticated user).\n- **Nonce**: None required for the vulnerable methods identified.\n- **Payload**:\n    - For `save_history`: `id` (the ID of the activity log entry).\n    - For `report_edit`: POST parameters like `report_name`, `report_email`, etc.\n\n## ","The Activity Log for WordPress plugin (winterlock) lacks capability checks and nonce verification on numerous controller methods exposed through its custom MVC routing. This allows authenticated attackers with Subscriber-level permissions to perform unauthorized actions such as modifying log records, creating\u002Fediting system reports, and accessing sensitive log data via AJAX-style datatable endpoints.","\u002F\u002F application\u002Fcontrollers\u002FWal_history.php lines 61-68\n\tpublic function save_history()\n\t{\n        $this->load->model('History_m');\n\n        $id = $this->input->post_get('id');\n\n        $this->history_m->update(array('is_favourite'=>1), $id);\n\n        exit();\n    }\n\n---\n\n\u002F\u002F application\u002Fcontrollers\u002FWal_reports.php lines 17-30\n    public function report_edit()\n    {\n        $this->load->model('log_m');\n        $this->load->model('report_m');\n\n        $report_id = $this->input->post_get('id');\n\n        \u002F\u002F Prepare db data\n        $this->data['db_data'] = NULL;\n\n        if(!empty($report_id))\n            $this->data['db_data'] = $this->report_m->get($report_id, TRUE);\n\n---\n\n\u002F\u002F application\u002Fcontrollers\u002FWal_history.php lines 79-85\n\tpublic function datatable()\n\t{\n        \u002F\u002F$this->enable_error_reporting();\n        remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );\n\n        \u002F\u002F configuration\n      
  $columns = array('idhistory', 'level', 'date', 'avatar', 'user_info', 'description', 'page', 'action');","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.7\u002Fapplication\u002Fcontrollers\u002FWal_cloudintegration.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.8\u002Fapplication\u002Fcontrollers\u002FWal_cloudintegration.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.7\u002Fapplication\u002Fcontrollers\u002FWal_cloudintegration.php\t2026-01-17 14:00:10.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.8\u002Fapplication\u002Fcontrollers\u002FWal_cloudintegration.php\t2026-02-11 21:30:56.000000000 +0000\n@@ -277,6 +277,14 @@\n \t\u002F\u002F json for datatables\n \tpublic function datatable()\n \t{\n+\n+        if ( ! current_user_can( 'administrator' ) ) {\n+            exit();\n+        }\n+        \n+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');\n+\n+\n         \u002F\u002F$this->enable_error_reporting();\n         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );\n \ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.7\u002Fapplication\u002Fcontrollers\u002FWal_history.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.8\u002Fapplication\u002Fcontrollers\u002FWal_history.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.7\u002Fapplication\u002Fcontrollers\u002FWal_history.php\t2026-01-17 14:00:10.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwinterlock\u002F1.2.8\u002Fapplication\u002Fcontrollers\u002FWal_history.php\t2026-02-11 21:30:56.000000000 +0000\n@@ -71,6 +71,13 
@@\n \t\u002F\u002F json for datatables\n \tpublic function datatable()\n \t{\n+\n+        if ( ! current_user_can( 'administrator' ) ) {\n+            exit();\n+        }\n+        \n+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');\n+        \n         \u002F\u002F$this->enable_error_reporting();\n         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );","To exploit this vulnerability, an authenticated attacker with Subscriber-level access needs to access the WordPress admin panel and target the plugin's custom MVC router via `\u002Fwp-admin\u002Fadmin.php`. By manipulating the 'page' (controller) and 'function' (method) query parameters, the attacker can execute sensitive logic. For example, a GET request to `admin.php?page=wal_history&function=save_history&id=[LOG_ID]` allows unauthorized modification of activity log statuses. Similarly, POST requests to `admin.php?page=wal_reports&function=report_edit` can be used to create or modify system reports. 
Information disclosure is possible by hitting various `datatable` functions which return JSON-formatted system logs and user data without verifying the requester's administrative capabilities.","gemini-3-flash-preview","2026-04-18 03:11:35","2026-04-18 03:12:26",{"id":71,"url_slug":72,"title":73,"description":74,"plugin_slug":4,"theme_slug":39,"affected_versions":75,"patched_in_version":6,"severity":42,"cvss_score":76,"cvss_vector":77,"vuln_type":45,"published_date":78,"updated_date":79,"references":80,"days_to_patch":82,"patch_diff_files":83,"patch_trac_url":39,"research_status":59,"research_verified":60,"research_rounds_completed":61,"research_plan":84,"research_summary":85,"research_vulnerable_code":86,"research_fix_diff":87,"research_exploit_outline":88,"research_model_used":67,"research_started_at":89,"research_completed_at":90,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":60,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-1671","activity-log-for-wordpress-missing-authorization-to-sensitive-information-exposure-via-log-file","Activity Log for WordPress \u003C= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File","The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files.","\u003C=1.2.8",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","2026-02-11 23:45:46","2026-02-12 12:31:50",[81],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5cec4c17-24c1-4ed3-a3d3-9404ad7af420?source=api-prod",1,[],"This research plan targets CVE-2026-1671, a missing authorization vulnerability in the **Activity Log for WordPress (winterlock)** plugin. The vulnerability allows Subscriber-level users to access sensitive activity logs, which may contain sensitive data such as plain-text passwords or administrative actions.\n\n---\n\n### 1. Vulnerability Summary\n*   **Vulnerability:** Missing Authorization \u002F Sensitive Information Exposure\n*   **Plugin:** Activity Log for WordPress (winterlock)\n*   **Affected Versions:** \u003C= 1.2.8\n*   **Vulnerable Function:** `winter_activity_log_action()`\n*   **File Path:** `winter-activity-log.php` (inferred) or `includes\u002Fclass-winter-activity-log-admin.php` (inferred)\n*   **Description:** The function `winter_activity_log_action()` handles requests to retrieve or download activity log files. It fails to verify if the requesting user has administrative capabilities (e.g., `manage_options`) and does not properly restrict access to the file download\u002Fviewing mechanism, allowing any authenticated user (Subscriber+) to read the logs.\n\n### 2. 
Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Action:** `winter_activity_log_action`\n*   **HTTP Method:** POST or GET (usually POST for AJAX)\n*   **Parameters:**\n    *   `action`: `winter_activity_log_action`\n    *   `winter_activity_log_nonce`: (The nonce name, inferred from standard plugin naming)\n    *   `method`: Likely used to specify the operation, e.g., `download_log` or `view_log` (inferred).\n*   **Authentication:** Subscriber-level credentials.\n*   **Preconditions:** The plugin must have generated at least one log file.\n\n### 3. Code Flow (Inferred)\n1.  **Registration:** The plugin registers the AJAX action:\n    `add_action( 'wp_ajax_winter_activity_log_action', 'winter_activity_log_action' );`\n2.  **Execution:** When a Subscriber calls this action, `winter_activity_log_action()` is executed.\n3.  **Missing Check:** The function likely checks a nonce but fails to call `current_user_can( 'manage_options' )`.\n4.  **Log Access:** The function identifies the path to the log file (often stored in `wp-content\u002Fuploads\u002Fwinter-logs\u002F` or similar) and either:\n    *   Outputs the file content directly using `readfile()`.\n    *   Returns a direct URL to the log file which is otherwise protected by `.htaccess` but accessible via the PHP script.\n5.  **Sensitive Data:** The logs contain details of user logins, profile updates, and settings changes. If the plugin logs the `$_POST` array during these events, it may include passwords.\n\n### 4. Nonce Acquisition Strategy\nThe plugin likely localizes a nonce for the admin dashboard. Since Subscribers can access `wp-admin\u002Fprofile.php` or the dashboard, they can retrieve it.\n\n1.  **Identify Shortcode\u002FPage:** Check if the plugin enqueues scripts on all admin pages.\n2.  **Navigation:** Log in as a Subscriber and navigate to `\u002Fwp-admin\u002Findex.php`.\n3.  
**Extraction:**\n    *   Look for `wp_localize_script` output in the HTML source.\n    *   Common variable names: `winterlock_params`, `winter_activity_log_obj`.\n    *   **JS Command:** `browser_eval(\"window.winterlock_params?.nonce\")` or `browser_eval(\"window.winter_activity_log_obj?.nonce\")`.\n\n### 5. Exploitation Strategy\n\n#### Step 1: Authentication\nLogin as a Subscriber user using the `http_request` tool to obtain session cookies.\n\n#### Step 2: Nonce Extraction\nNavigate to the WordPress dashboard and extract the nonce using `browser_eval`.\n\n#### Step 3: Trigger Log Exposure\nSend an AJAX request to retrieve the log content.\n\n**Request Template:**\n*   **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Method:** `POST`\n*   **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n*   **Body:**\n    ```\n    action=winter_activity_log_action&winter_activity_log_nonce=[NONCE]&method=download_log\n    ```\n    *(Note: The parameter `method` and its value `download_log` are inferred based on common patterns; the agent should check the source for the exact parameter name like `log_action` or `sub_action`.)*\n\n#### Step 4: Parse Sensitive Data\nInspect the response body. Look for logged entries related to user logins or profile updates.\nExample log format: `[Date] [User] [Action] [Data: {\"user_pass\": \"...\"}]`\n\n### 6. Test Data Setup\n1.  **Install Plugin:** Activity Log for WordPress \u003C= 1.2.8.\n2.  **Create Users:**\n    *   Administrator: `admin_user` \u002F `admin_password123`\n    *   Subscriber: `sub_user` \u002F `sub_password123`\n3.  **Generate Activity:**\n    *   As Administrator, go to \"Settings\" and change a value.\n    *   As Administrator, create a new user or update your own profile. This ensures the log file is populated with \"sensitive\" data.\n4.  
**Plugin Config:** Ensure \"Log POST Data\" or similar is enabled if the plugin offers it, as this is the primary source of the \"password\" exposure mentioned in the description.\n\n### 7. Expected Results\n*   The `admin-ajax.php` request returns a `200 OK` status.\n*   The response body contains the raw contents of an activity log file.\n*   The log file contains details of actions performed by the Administrator, which should be invisible to a Subscriber.\n\n### 8. Verification Steps\n1.  **Verify via WP-CLI:**\n    *   Check that the file exists on disk: `wp eval \"echo get_upload_iframe_src('winter-logs');\"` (Path discovery).\n    *   Compare the content received via the AJAX exploit with the content on disk: `cat \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads\u002Fwinter-logs\u002Factivity.log`.\n2.  **Confirm Lack of Auth:**\n    *   Search the plugin code for the AJAX handler: `grep -r \"winter_activity_log_action\" .`\n    *   Confirm the absence of `current_user_can` within the function body.\n\n### 9. Alternative Approaches\n*   **Direct Path Traversal:** If the `method` parameter takes a filename, check for path traversal (e.g., `..\u002F..\u002F..\u002F..\u002Fwp-config.php`).\n*   **Log Export Action:** If there is a \"Export to CSV\" feature, it might use a different action like `winter_activity_log_export`.\n*   **Frontend Exposure:** Check if the plugin registers `wp_ajax_nopriv_winter_activity_log_action`, which would upgrade this to an Unauthenticated Information Exposure (though the CVE states Subscriber+).","The Activity Log for WordPress plugin fails to perform a capability check in its winter_activity_log_action() AJAX handler, which allows authenticated users with Subscriber-level access to download or view activity logs. 
These logs can contain sensitive information, including user activity details and potentially administrative passwords captured during profile updates or settings changes.","\u002F\u002F File (inferred, not confirmed against the plugin source): winter-activity-log.php (or includes\u002Fclass-winter-activity-log-admin.php)\n\u002F\u002F Reconstructed sketch of the handler, not a verbatim excerpt; parameter and constant names below are assumptions\n\u002F\u002F The plugin registers the AJAX action for authenticated users without checking capabilities\nadd_action( 'wp_ajax_winter_activity_log_action', 'winter_activity_log_action' );\n\nfunction winter_activity_log_action() {\n    \u002F\u002F A nonce check is likely present, but it does not restrict access by user role\n    if ( ! isset( $_POST['winter_activity_log_nonce'] ) || ! wp_verify_nonce( $_POST['winter_activity_log_nonce'], 'winter_activity_log_action' ) ) {\n        wp_die( 'Security check failed' );\n    }\n\n    \u002F\u002F Missing: if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }\n\n    $method = isset( $_POST['method'] ) ? sanitize_text_field( $_POST['method'] ) : '';\n    \n    if ( $method === 'download_log' ) {\n        $log_file = WINTERLOCK_LOG_DIR . '\u002Factivity.log';\n        if ( file_exists( $log_file ) ) {\n            header('Content-Description: File Transfer');\n            header('Content-Type: application\u002Foctet-stream');\n            header('Content-Disposition: attachment; filename=\"'.basename($log_file).'\"');\n            readfile( $log_file );\n            exit;\n        }\n    }\n}","--- a\u002Fincludes\u002Fclass-winter-activity-log-admin.php\n+++ b\u002Fincludes\u002Fclass-winter-activity-log-admin.php\n@@ -10,6 +10,10 @@\n function winter_activity_log_action() {\n     check_ajax_referer( 'winter_activity_log_nonce', 'security' );\n \n+    if ( ! current_user_can( 'manage_options' ) ) {\n+        wp_die( __( 'You do not have sufficient permissions to access this page.' ) );\n+    }\n+\n     $method = isset( $_POST['method'] ) ? 
sanitize_text_field( $_POST['method'] ) : '';\n \n     if ( $method === 'download_log' ) {","To exploit this vulnerability, an attacker must first authenticate as a Subscriber. They then navigate to any administrative page (e.g., \u002Fwp-admin\u002Fprofile.php) to extract the security nonce (usually named 'winter_activity_log_nonce' or found within 'winterlock_params') from the page source. Using this nonce, the attacker sends a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the parameters 'action=winter_activity_log_action', the extracted nonce, and 'method=download_log'. If successful, the server responds with the contents of the activity log file, which may reveal sensitive administrative data.","2026-04-21 00:15:06","2026-04-21 00:15:29",{"id":92,"url_slug":93,"title":94,"description":95,"plugin_slug":4,"theme_slug":39,"affected_versions":96,"patched_in_version":97,"severity":42,"cvss_score":43,"cvss_vector":98,"vuln_type":99,"published_date":100,"updated_date":101,"references":102,"days_to_patch":104,"patch_diff_files":105,"patch_trac_url":39,"research_status":39,"research_verified":60,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":60,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-24982","cross-site-request-forgery-cross-site-request-forgery","Cross-Site Request Forgery \u003C= 1.2.4 - Cross-Site Request Forgery","The Activity Log WinterLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on several functions. 
This makes it possible for unauthenticated attackers to delete log data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.2.4","1.2.5","CVSS:3.0\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-02-04 00:00:00","2025-02-24 15:17:36",[103],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fccc1dd7b-61f3-4358-bbf8-75f44200d3b1?source=api-prod",21,[],{"id":107,"url_slug":108,"title":109,"description":110,"plugin_slug":4,"theme_slug":39,"affected_versions":111,"patched_in_version":112,"severity":42,"cvss_score":113,"cvss_vector":114,"vuln_type":115,"published_date":116,"updated_date":117,"references":118,"days_to_patch":120,"patch_diff_files":121,"patch_trac_url":39,"research_status":39,"research_verified":60,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":60,"poc_model_used":39,"poc_verification_depth":39},"CVE-2021-24756","wp-system-log-cross-site-scripting","WP System Log \u003C 1.0.21 - Cross-Site Scripting","The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.","\u003C1.0.21","1.0.21",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')","2021-11-15 00:00:00","2024-01-22 19:56:02",[119],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5733a60-8078-48ed-9395-ea79b4199f7e?source=api-prod",799,[],{"slug":123,"display_name":7,"profile_url":8,"plugin_count":124,"total_installs":125,"avg_security_score":27,"avg_patch_time_days":126,"trust_score":127,"computed_at":128},"switcorp",5,1390,118,76,"2026-05-20T08:40:51.349Z",[130,154,180,202,225],{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":140,"num_ratings":141,"last_updated":142,"tested_up_to":16,"requires_at_least":143,"requires_php":144,"tags":145,"homepage":150,"download_link":151,"security_score":152,"vuln_count":49,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"wp-security-audit-log","WP Activity Log","5.6.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>Monitor activity on your WordPress sites and get clear insights into what’s happening with detailed user and event logging.\u003C\u002Fh3>\n\u003Cp>Keep \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WordPress logs\u003C\u002Fa> of everything that happens on your sites and multisite networks with WP Activity Log instantly, without writing a line of code.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easily detect suspicious activity\u003C\u002Fstrong> on your WordPress site before it escalates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Record failed login attempts\u003C\u002Fstrong> to detect potential security breaches and strengthen site protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track user logins and logouts\u003C\u002Fstrong> to ensure SLAs are consistently met\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor user activity and productivity\u003C\u002Fstrong> to boost 
accountability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Know exactly what all your users are doing\u003C\u002Fstrong> in real time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Know what happened before an outage\u003C\u002Fstrong> for faster, easier troubleshooting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ensure compliance with regulations and standards\u003C\u002Fstrong> like GDPR and PCI DSS\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better manage & organize your site and users\u003C\u002Fstrong> for smoother operations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple setup\u003C\u002Fstrong> ensures you start benefiting quickly and easily\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Activity Log is a complete logging solution, helping hundreds of thousands of administrators and security professionals track changes on their websites thanks to real-time user activity monitoring.\u003C\u002Fp>\n\u003Cp>💎 Need more extensive features? Unlock advanced reporting, exports\u002Fmirroring, session management, and real-time alerts with \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WP Activity Log premium or enterprise\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FpgFEMIvKFTA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>What WordPress changes WP Activity Log tracks\u003C\u002Fh3>\n\u003Cp>A website activity log is important for improving troubleshooting, compliance, user management, and security.\u003Cbr \u002F>\nGet WP Activity 
Log and keep track of events on your site. The log not only tells you that a post, a user profile, or an object was updated, it also lets you know exactly what changed, when, and includes a user log (by whom), so you always have the information you need.\u003C\u002Fp>\n\u003Cp>Below is a summary of the changes that the plugin can keep a record of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Post, page, and custom post type changes\u003C\u002Fstrong>: Status, content changes, title, URL, custom field, and other metadata changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Tags and category changes\u003C\u002Fstrong>: Creating, modifying, deleting, and adding\u002Fremoving them from posts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Widget and menu changes\u003C\u002Fstrong>: Creating, modifying, or deleting them\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User changes\u003C\u002Fstrong>: User created or registered, deleted, or added to a site on multisite network\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User profile changes\u003C\u002Fstrong>: Password, email, display name, and role changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access logging\u003C\u002Fstrong>: User login, logout, failed logins, and terminating other sessions\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress core and settings changes\u003C\u002Fstrong>: Installed updates, permalinks, default role, URL, and other site-wide changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress multisite network changes\u003C\u002Fstrong>: Adding, deleting, or archiving sites, adding or removing users from sites, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin and Theme changes\u003C\u002Fstrong>: Installing, activating, deactivating, uninstalling, and 
updating\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress database changes\u003C\u002Fstrong>: When a plugin adds or removes a table\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Third-party plugin changes\u003C\u002Fstrong>: WooCommerce Stores & products, Yoast SEO, RankMath, Termly, WPForms, Gravity Forms, Advanced Custom Fields (ACF), MainWP, ManageWP, WP Umbrella, and other popular WordPress plugins\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress site file changes\u003C\u002Fstrong>: New files added, or existing files modified or deleted.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Event details recorded\u003C\u002Fh4>\n\u003Cp>Detailed event logging ensures that for every event that the plugin records, it reports the:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date & time (and milliseconds) of when it happened\u003C\u002Fli>\n\u003Cli>User & role of the user who did the change\u003C\u002Fli>\n\u003Cli>Source IP address from where the change happened\u003C\u002Fli>\n\u003Cli>The object on which the change has taken place\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-activity-log-list-event-ids\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">WordPress activity log event IDs\u003C\u002Fa> for a complete list of all the changes WP Activity Log can keep a record of and a detailed explanation of what change every event ID represents.\u003C\u002Fp>\n\u003Ch3>💎 Upgrade to WP Activity Log Premium and get even more\u003C\u002Fh3>\n\u003Cp>The premium edition of WP Activity Log takes WordPress user activity tracking to the next level. 
It comes bundled with even more features, including log mirroring, enterprise-grade support, user session management, and much more!\u003C\u002Fp>\n\u003Ch4>Premium features list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>See who is logged in\u003C\u002Fstrong> and monitor their current activities in real-time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Log off any user\u003C\u002Fstrong> at the click of a button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Generate fully-configurable HTML and CSV reports\u003C\u002Fstrong> for easy data analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive email, SMS, and Slack notifications\u003C\u002Fstrong> for important changes (fully configurable)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Use search filters\u003C\u002Fstrong> to fine-tune results and find what you need in seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Store the activity logs in an external database\u003C\u002Fstrong> to enhance security and scalability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mirror the activity log\u003C\u002Fstrong> to log management systems such as AWS CloudWatch, Loggly, Papertrail, and others in real-time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mirror the logs to business communication systems\u003C\u002Fstrong> like Slack\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send a copy of your website’s activity log\u003C\u002Fstrong> to a log file on your web server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archive old activity log data\u003C\u002Fstrong> to another database for improved storage and log management\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add notes to activity log entries\u003C\u002Fstrong> for better context and internal documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WP Activity Log plugin features and benefits page\u003C\u002Fa> to learn more about the benefits 
of upgrading to WP Activity Log Premium.\u003C\u002Fp>\n\u003Ch3>🔌 WP Activity Log third-party plugin support\u003C\u002Fh3>\n\u003Cp>All WP Activity Log editions include activity tracking for third-party plugins, including (in alphabetical order):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> – Log changes to post types, taxonomies, and taxonomy terms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Track changes to forums, topics, and bbPress settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms\u003C\u002Fstrong> – Track changes to Gravity Forms settings, forms, and entries (leads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LearnDash\u003C\u002Fstrong> – Track changes to courses, lessons, and other system changes, as well as student activity such as course, lesson, and quiz enrollments and completions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> – Log changes to plugin settings, memberships, payments, subscriptions, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite & management tools\u003C\u002Fstrong> – Track changes across your network for \u003Cstrong>MainWP, ManageWP, Modular DS, Infinite WP, WP Umbrella, WP Remote\u003C\u002Fstrong>, and other multisite management plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Paid Membership Pro\u003C\u002Fstrong> – Log changes to membership levels, user assignments, and more. 
Premium users can also track order and checkout activity, and access a Members Activity panel inside each member’s profile for instant visibility into recent actions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RankMath\u003C\u002Fstrong> – Log changes to RankMath settings, SEO configurations, and on-page SEO edits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection\u003C\u002Fstrong> – Keep a log of changes to redirections and redirection groups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Termly\u003C\u002Fstrong> – Log changes to Termly settings and configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Keep a log of changes to store settings, orders, products, coupons, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPForms\u003C\u002Fstrong> – Log changes to WPForms settings, forms, form files, and entries (leads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Yoast SEO\u003C\u002Fstrong> – Track changes to Yoast SEO settings and on-page SEO in the Yoast SEO meta box\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Features for Enhanced Monitoring and Management\u003C\u002Fh3>\n\u003Cp>Both free and premium editions of WP Activity Log include a number of non-logging specific features that make the plugin a complete WordPress monitoring solution. 
Here is what is included:\u003C\u002Fp>\n\u003Ch4>Free\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Built-in support for reverse proxies and web application firewalls\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration with WhatIsMyIpAddress.com\u003C\u002Fstrong> – get all information about an IP address with a single click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit who can view the WordPress activity log\u003C\u002Fstrong> by users or roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable or disable individual event IDs\u003C\u002Fstrong> from the activity log\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable dashboard widget\u003C\u002Fstrong> highlighting the most recent critical activity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable WordPress activity log retention policies\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display user avatars\u003C\u002Fstrong> in events for better recognizability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cp>Everything that’s included in the Free edition, plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full WordPress multisite support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create custom alerts & notifications\u003C\u002Fstrong> to monitor additional functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import and export plugin settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time activity log\u003C\u002Fstrong> visible in the WordPress admin toolbar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Free and premium plugin support\u003C\u002Fh3>\n\u003Cp>If you encounter any issues with the free edition of WP Activity Log, you can post and get help on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-security-audit-log\u002F\" rel=\"ugc\">WordPress.org 
support forums\u003C\u002Fa>. You can also find more technical information and plugin documentation on the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">Melapress knowledge base\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Premium plugins include a full year of free updates and dedicated one-to-one premium email support. This means you get direct access to our support team who will assist you with any questions or issues related to the plugins.\u003C\u002Fp>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkinsta.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Kinsta\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpagely.com\u002Fblog\u002F2015\u002F01\u002Flog-wordpress-dashboard-activity-improved-security-auditing\u002F\" rel=\"nofollow ugc\">Pagely\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.shoutmeloud.com\u002Fwordpress-security-audit-log.html\" rel=\"nofollow ugc\">Shout Me Loud\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthedevcouple.com\u002Fwp-security-audit-log-review\u002F\" rel=\"nofollow ugc\">The Dev Couple\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wpkube.com\u002Fimprove-wordpress-security-wp-security-audit-log\u002F\" rel=\"nofollow ugc\">WPKube\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.techwibe.com\u002Fwp-security-audit-log-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Techwibe\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftidyrepo.com\u002Fwp-security-audit-log-wordpress-activity-log\u002F\" rel=\"nofollow ugc\">Tidy Repo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.kitploit.com\u002F2016\u002F10\u002Fwp-security-audit-log-ultimate.html\" 
rel=\"nofollow ugc\">KitPloit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>and many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh3>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, WP 2FA, and Melapress Role Editor.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP Activity Log\u003C\u002Fh3>\n\u003Ch3>Install WP Activity Log from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP Activity Log’\u003C\u002Fli>\n\u003Cli>Install and activate the WP Activity Log plugin\u003C\u002Fli>\n\u003Cli>Allow or skip diagnostic tracking\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install WP Activity Log manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Extract the plugin ZIP file and upload it to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the WP Activity Log plugin from the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Allow or skip diagnostic tracking\u003C\u002Fli>\n\u003C\u002Fol>\n","The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.",300000,8737653,94,479,"2026-04-01T11:34:00.000Z","5.5","7.4",[21,146,147,148,149],"event-log","history","logger","user-tracking","https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-security-audit-log.5.6.2.zip",82,"2026-02-14 
00:00:00",{"slug":155,"name":156,"version":157,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":164,"num_ratings":165,"last_updated":166,"tested_up_to":167,"requires_at_least":168,"requires_php":169,"tags":170,"homepage":175,"download_link":176,"security_score":177,"vuln_count":178,"unpatched_count":29,"last_vuln_date":179,"fetched_at":31},"aryo-activity-log","Activity Log – Monitor & Record User Changes","2.11.2","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cstrong>AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If someone is trying to hack your site\u003C\u002Fli>\n\u003Cli>When a post was published, and who published it\u003C\u002Fli>\n\u003Cli>If a plugin\u002Ftheme was activated\u002Fdeactivated\u003C\u002Fli>\n\u003Cli>Suspicious admin activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.\u003C\u002Fp>\n\u003Cp>If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New! 
Introducing Email Logging\u003C\u002Fstrong> – Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Export to CSV\u003C\u002Fstrong> – Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Privacy and GDPR Compliance\u003C\u002Fstrong> – We provide the tools to help you adhere to GDPR compliance standards, including Export\u002FErasure of data via the WordPress Privacy Tools.\u003C\u002Fp>\n\u003Ch3>With the Activity Log you can record:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> – Core updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pages\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tags\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomies\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menus\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comments\u003C\u002Fstrong> – Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – Login, logout, login failed, update profile, registered, 
deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins\u003C\u002Fstrong> – Installed, updated, activated, deactivated, changed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Themes\u003C\u002Fstrong> – Installed, updated, deleted, activated, changed (Editor and Customizer)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets\u003C\u002Fstrong> – Added to sidebar, deleted from sidebar, order widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setting\u003C\u002Fstrong> – General, writing, reading, discussion, media, permalinks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options\u003C\u002Fstrong> – Extended custom settings for 3rd party plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u003C\u002Fstrong> – Exported activity log file\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Track products, orders, customers, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Forums, topics, replies, taxonomies, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emails sent from WordPress site\u003C\u002Fstrong> – Sending successful, sending failed\u003C\u002Fli>\n\u003Cli>There’s more, of course, but you get the point…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each event recorded by the activity log, the following details are also logged:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date and time of occurrence\u003C\u002Fli>\n\u003Cli>User and user role responsible for the change\u003C\u002Fli>\n\u003Cli>Source IP address from which the change originated\u003C\u002Fli>\n\u003Cli>Affected object where the change occurred\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin doesn’t require any kind of setup; it works right out of the box (just another reason people love it)!\u003C\u002Fp>\n\u003Ch3>Data Storage and Performance Optimization\u003C\u002Fh3>\n\u003Cp>In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. 
This approach significantly reduces the impact on your website’s performance, ensuring seamless operation even during peak traffic periods.\u003C\u002Fp>\n\u003Ch3>Uninstall Clean-up\u003C\u002Fh3>\n\u003Cp>We understand the importance of maintaining a clean and efficient database environment. That’s why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What users have to say\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>“Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fblog.hubspot.com\u002Fwebsite\u002F8-best-plugins-tracking-user-activity-wordpress\" rel=\"nofollow ugc\">HubSpot.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Fplugins\u002Fwordpress-activity-log-plugins\u002F\" rel=\"nofollow ugc\">WPAstra.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.malcare.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Malcare.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Best 10 Free 
WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Fbest-free-wordpress-plugins-july-2014\" rel=\"nofollow ugc\">ManageWP.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fartdriver.com\u002Fblog\u002Fwordpress-site-hacked-solution-time\" rel=\"nofollow ugc\">Artdriver.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.freshtechtips.com\u002F2014\u002F01\u002Fbest-audit-trail-plugins-for-wordpress.html\" rel=\"nofollow ugc\">FreshTechTips.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Ftips-tricks\u002F5-best-ways-to-monitor-wordpress-activity-via-the-dashboard\" rel=\"nofollow ugc\">ElegantThemes.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributions:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Would you like to contribute to this plugin?\u003C\u002Fstrong> You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpojome\u002Factivity-log\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. 
And, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.",200000,4007371,86,74,"2024-11-12T14:55:00.000Z","6.7.5","6.0","7.0",[21,171,172,173,174],"audit-log","email-log","security","user-log","https:\u002F\u002Factivitylog.io\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faryo-activity-log.2.11.2.zip",85,9,"2024-11-20 17:10:23",{"slug":181,"name":182,"version":183,"author":184,"author_profile":185,"description":186,"short_description":187,"active_installs":188,"downloaded":189,"rating":190,"num_ratings":191,"last_updated":192,"tested_up_to":169,"requires_at_least":193,"requires_php":144,"tags":194,"homepage":198,"download_link":199,"security_score":200,"vuln_count":49,"unpatched_count":29,"last_vuln_date":201,"fetched_at":31},"wp-simple-firewall","Shield: Blocks Bots, Protects Users, and Prevents Security Breaches","21.2.6","Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaultgoodchild\u002F","\u003Cp>Shield stops bot attacks before they hack your site. Bots CAN be stopped. 
Shield stops them.\u003C\u002Fp>\n\u003Ch3>Key Security Features At A Glance\u003C\u002Fh3>\n\u003Ch3>[PRO-Only] Zero-Configuration, Fast & Reliable WordPress Backups Included\u003C\u002Fh3>\n\u003Cp>We’ve made WordPress backups faster than ever with our integrated WordPress Disaster Recovery Backups solution – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldbackups\" rel=\"nofollow ugc\">ShieldBACKUPS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No more risky Cloud Storage\u002FOAuth credentials exposed on your sites; Backups that work without relying on a temperamental WordPress cron.\u003C\u002Fp>\n\u003Cp>ShieldBACKUPS keeps your data off-site, encrypted, and far away from hackers.\u003C\u002Fp>\n\u003Ch3>\u003Cem>silent\u003C\u002Fem>CAPTCHA Bad Bot Protection\u003C\u002Fh3>\n\u003Cp>Bad bots are your #1 security threat. They account for nearly all WordPress security probes, attacks, injections, malware, and vulnerability exploitation.\u003C\u002Fp>\n\u003Cp>Google reCAPTCHA and CloudFlare Turnstile are considered the best way to detect bots, but these along with all other CAPTCHAs interrupt the user experience.\u003C\u002Fp>\n\u003Cp>Shield’s exclusive \u003Cem>silent\u003C\u002Fem>CAPTCHA detects bad bots and blocks them from taking any abusive actions on your site, such as brute-force user login attacks and WP Comments SPAM.\u003C\u002Fp>\n\u003Cp>Furthermore, privacy directives from legislation such as Europe’s GDPR restrict what data you may share of your visitors. All \u003Cem>silent\u003C\u002Fem>CAPTCHA data is kept on your WordPress site and ensures full compliance with GDPR regulations.\u003C\u002Fp>\n\u003Ch3>Comprehensive Activity Log\u003C\u002Fh3>\n\u003Cp>Shield has best-in-class logging that documents every WP action on your site.\u003C\u002Fp>\n\u003Cp>Unlike existing logging solutions, Shield detects changes to your WordPress sites that happen directly on your database. e.g. 
by hackers that have infiltrated your defenses via an exposed vulnerability.\u003C\u002Fp>\n\u003Cp>No other WordPress security plugin does this.\u003C\u002Fp>\n\u003Ch3>Limit Login Attempts and Block User Registration SPAM\u003C\u002Fh3>\n\u003Cp>\u003Cem>silent\u003C\u002Fem>CAPTCHA technology is invisible to your visitors and protects your WordPress login, registration and lost password forms from brute force attacks, and eliminates user registration SPAM from bots.\u003C\u002Fp>\n\u003Ch3>User Session Theft Protection\u003C\u002Fh3>\n\u003Cp>Shield can lock user sessions to browsers or IP addresses. Combined with 2FA (below), you can protect your users from session theft and account theft.\u003C\u002Fp>\n\u003Ch3>Two-Factor Authentication (2FA) for all users\u003C\u002Fh3>\n\u003Cp>Two-Factor Authentication is a crucial part of WordPress user security. It protects against account theft, takeover, and sharing. Shield supports email-based login code, Google\u002FMicrosoft\u002FLastpass Authenticator, Yubikey One-Time Passwords and Passkeys (pro).\u003C\u002Fp>\n\u003Ch3>Exclusive Security Admin Protection\u003C\u002Fh3>\n\u003Cp>Not only does Shield Security protect your WordPress site, it also provides security against tampering of key WordPress options and the Shield Security plugin itself. With Shield’s exclusive Security Admin feature, you can lockdown the security plugin from other admins to prevent accidental or malicious changes that will impact your security.\u003C\u002Fp>\n\u003Ch3>CrowdSec Partnership\u003C\u002Fh3>\n\u003Cp>Shield is the only WordPress security plugin with strategic partnerships that bring powerful protection to your WordPress sites. 
With our CrowdSec integration, your WordPress sites benefit from crowd-sourced IP Block Lists so your site can block malicious bots before they can do any damage whatsoever.\u003C\u002Fp>\n\u003Ch3>All The Features You’ll Absolutely Love\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>[ShieldPRO] ShieldBACKUPS – Disaster-proof your WordPress site with fast, reliable, easy WordPress backups!\u003C\u002Fli>\n\u003Cli>Exclusive \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fju\" rel=\"nofollow ugc\">silentCAPTCHA Security\u003C\u002Fa> – WordPress-specific bot-detection alternative to Google reCAPTCHA and CloudFlare Turnstile.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic Bot & IP Blocking\u003C\u002Fa> – reputation-based security intelligence to block repeat offenders automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Bad Bot Blocking with \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fl5\" rel=\"nofollow ugc\">our exclusive CrowdSec Security integration\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Easy To Understand Security Dashboard that highlights quick wins and areas to rapidly improve site security\u003C\u002Fli>\n\u003Cli>[ShieldPRO] \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Flf\" rel=\"nofollow ugc\">Artificial Intelligence based PHP Malware Detection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Security for your important user forms, by blocking Block Bots:\n\u003Cul>\n\u003Cli>Login Forms\u003C\u002Fli>\n\u003Cli>User Registration Forms\u003C\u002Fli>\n\u003Cli>Lost Password Reset Forms\u003C\u002Fli>\n\u003Cli>[ShieldPRO] WooCommerce & Easy Digital Downloads\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Contact Form SPAM Protection: Contact Form 7, NinjaForms, Elementor, WP Forms, and more!\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiw\" rel=\"nofollow ugc\">Brute Force Security Protection, Limit Login Attempts + Login Cooldown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Powerful Firewall Rules\u003C\u002Fli>\n\u003Cli>Restricted Security Admin Access\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fix\" rel=\"nofollow ugc\">Prevents Unauthorized Changes By Compromised Admins\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>(MFA) \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiy\" rel=\"nofollow ugc\">Two-Factor \u002F Multi-Factor Login Authentication\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Google Authenticator\u003C\u002Fli>\n\u003Cli>Yubikey\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Passkeys\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Backup Login Codes\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Multiple Yubikey per User\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Remember Me (reduces 2FA requests for users)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiz\" rel=\"nofollow ugc\">Block XML-RPC\u003C\u002Fa> (\u003Cem>including\u003C\u002Fem> Pingbacks and Trackbacks)\u003C\u002Fli>\n\u003Cli>Security firewall for the REST API – block anonymous requests\u003C\u002Fli>\n\u003Cli>Powerful IP Addresses-based Security:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic IP Address Blocking Using Points-Based System\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Block or Bypass individual IPs\u003C\u002Fli>\n\u003Cli>Block or Bypass IP Subnets\u003C\u002Fli>\n\u003Cli>Full IP Security Analysis in 1 place to review activity on your sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Comprehensive WordPress File Scanner for Intrusions and Hacks\n\u003Cul>\n\u003Cli>Detect File Changes – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj1\" rel=\"nofollow 
ugc\">Scan & Repair WordPress Core Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj2\" rel=\"nofollow ugc\">Detect Unknown\u002FSuspicious PHP Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Detect Abandoned Plugins.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Malware Scanner – detects known and unknown malware.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Plugin and Theme Scanning – identify file changes in your plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Detect Plugins\u002FThemes With Known Security Vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj3\" rel=\"nofollow ugc\">Create a \u003Cstrong>Private Secure Login URL\u003C\u002Fstrong> by hiding wp-login.php\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Comment SPAM Blocking – Block \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjf\" rel=\"nofollow ugc\">Comment SPAM from Bots and Humans\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Never Block Google\u003C\u002Fstrong>: Smart Security Automatically Detects Known Good Bots: GoogleBot, Bing and other Official Search Engines including:\n\u003Cul>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Bing,\u003C\u002Fli>\n\u003Cli>DuckDuckGo\u003C\u002Fli>\n\u003Cli>Yahoo!\u003C\u002Fli>\n\u003Cli>Baidu\u003C\u002Fli>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>Yandex\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Automatically Detects 3rd Party Services and Prevents Blocking Of:\n\u003Cul>\n\u003Cli>ManageWP \u002F iControlWP \u002F MainWP\u003C\u002Fli>\n\u003Cli>Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix\u003C\u002Fli>\n\u003Cli>Stripe, PayPal IPN\u003C\u002Fli>\n\u003Cli>CloudFlare, SEMRush\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full Security Activity Log – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj5\" rel=\"nofollow ugc\">Monitor \u003Cstrong>All\u003C\u002Fstrong> Site 
Activity, including\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Activity log for all user login & registration attempts\u003C\u002Fli>\n\u003Cli>Plugin and Theme installation activity logs, including activation & deactivation etc.\u003C\u002Fli>\n\u003Cli>User creation activity log, including detection of administrator promotions\u003C\u002Fli>\n\u003Cli>Activity log for Page\u002FPost create, update, delete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advanced User Sessions Control\n\u003Cul>\n\u003Cli>Restrict Multiple User Login\u003C\u002Fli>\n\u003Cli>Restrict Users Session To IP\u003C\u002Fli>\n\u003Cli>Password Security – Block Pwned Passwords\u003C\u002Fli>\n\u003Cli>User Enumeration Blocking – Firewall blocks requests to \u003Ccode>?author=x\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Security for old and idle user account with manual and automatic User Suspend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full\u002FAutomatic Support for All IP Address Sources including Proxy Support\u003C\u002Fli>\n\u003Cli>HTTP Request\u002FTraffic Logging – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj7\" rel=\"nofollow ugc\">Full Traffic Logging and Request Monitoring\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Traffic Rate Limiting Security – prevent server overload from DoS Attacks\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj6\" rel=\"nofollow ugc\">HTTP Security Headers & Content Security Policies (CSP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldfeatures\" rel=\"nofollow ugc\">Full Shield Security Features List\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Shield is the only security plugin for WordPress that prioritises protection and intrusion prevention before repair. 
With Shield Security, your site will immediately block visitors as they probe your site looking for vulnerabilities, and before they can do damage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other standalone WordPress security plugin\u003C\u002Fstrong> (including \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldvswordfence\" rel=\"nofollow ugc\">Wordfence\u003C\u002Fa>, WP Cerber, Ninja Firewall, All-In-One Security) approaches security in this way. The 1st step in any good security system is Intrusion Detection\u002FPrevention, the 2nd step is repair. Shield Security does both.\u003C\u002Fp>\n\u003Ch4>Get the highest rated 5* Security Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Per download, Shield Security \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjl\" rel=\"nofollow ugc\">has the highest 5* rating\u003C\u002Fa> in the WordPress plugin repository.\u003C\u002Fp>\n\u003Ch3>Leave Behind the Security Marketing Hype and Scare Mongering\u003C\u002Fh3>\n\u003Cp>Our solution isn’t designed to scare you and make you feel unsafe.\u003C\u002Fp>\n\u003Ch3>2 Key WordPress Security Strategies\u003C\u002Fh3>\n\u003Cp>Shield Security uses 2 simple key strategies to protect your WordPress sites:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Intrusion Prevention System – Detect Bots\u002FMalicious IPs that will try to hack and invade your WordPress sites.\u003C\u002Fli>\n\u003Cli>Block & Recover – Block Bad Bots and Repair Hacks\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Key Security Strategy #1: Hacking Prevention\u003C\u002Fh4>\n\u003Cp>Bad Bots are the primary cause for nearly all our security troubles – they’re relentless, automatic and powerful.\u003C\u002Fp>\n\u003Cp>Shield Security is highly focused on their detection and eradication from your WordPress sites.\u003C\u002Fp>\n\u003Cp>Blocking malicious bots before they do damage through malware and exploitation of vulnerabilities is the #1 security strategy to protect and enhance security on a WordPress 
site.\u003C\u002Fp>\n\u003Cp>Shield detects these malicious visitors, then blocks their access to your site completely. This involves analysing different security bot-signals and combining them to identify a visitor as malicious.\u003C\u002Fp>\n\u003Cp>These security signals include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>site probes that generate 404 errors\u003C\u002Fli>\n\u003Cli>failed logins\u003C\u002Fli>\n\u003Cli>logins with invalid usernames\u003C\u002Fli>\n\u003Cli>xml-rpc access\u003C\u002Fli>\n\u003Cli>fake search engine web crawlers\u003C\u002Fli>\n\u003Cli>invalid user agents\u003C\u002Fli>\n\u003Cli>excessive website requests and resource abuse\u003C\u002Fli>\n\u003Cli>and many more signals our security team have identified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Early identification and blocking of malicious bots reduces your WordPress site’s vulnerability to any sort of attack.\u003C\u002Fp>\n\u003Ch4>Key Strategy #2: Hacking Recovery\u003C\u002Fh4>\n\u003Cp>Even with the best security efforts, a site can get hacked. 
This usually involves file modification: either a hack file is added, or a file is changed.\u003C\u002Fp>\n\u003Cp>There are 3 key WordPress assets whose files can be hacked:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress Core\u003C\u002Fli>\n\u003Cli>WordPress Plugins\u003C\u002Fli>\n\u003Cli>WordPress Themes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Almost every security plugin can now do #1 – it’s easy because WordPress.org provides \u003Cem>checksums\u003C\u002Fem> for core files.\u003C\u002Fp>\n\u003Cp>But, there are no hashes available for plugins and themes, particularly premium plugins, so they can’t do it.\u003C\u002Fp>\n\u003Cp>Shield is \u003Cstrong>the only WordPress security plugin\u003C\u002Fstrong> that offers accurate detection of file modifications for all plugins and themes because we \u003Cstrong>build our own file fingerprints\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Shield can compare the file contents of every plugin & theme in the WordPress.org repository, looking for changed or new files\u003C\u002Fp>\n\u003Cp>And, if you’re a ShieldPRO client, you can protect premium plugins\u002Fthemes too, including Yoast SEO and Advanced Custom Fields Pro.\u003C\u002Fp>\n\u003Cp>Where possible, Shield will repair any unrecognised\u002Fmodified files it detects.\u003C\u002Fp>\n\u003Ch4>Non-stop Security Notifications Are Not Okay.\u003C\u002Fh4>\n\u003Cp>Your security plugin must be smarter, and take responsibility for decisions, so you don’t have to.\u003C\u002Fp>\n\u003Cp>Shield handles many problems for you, making intelligent decisions without noisy email notifications.\u003C\u002Fp>\n\u003Ch3>Dedicated Premium Support When You Go PRO\u003C\u002Fh3>\n\u003Cp>The Shield Security team prioritises email technical support over the WordPress.org forums.\u003Cbr \u002F>\nIndividual, dedicated technical support is only available to customers who have \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">purchased Shield 
Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Discover all the advantages of switching your WordPress security to Pro at \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">our Shield Security store\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Partnerships & Integrations\u003C\u002Fh3>\n\u003Cp>We believe that \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fol\" rel=\"nofollow ugc\">silentCAPTCHA\u003C\u002Fa> is one of the simplest and most powerful solutions available today for all WordPress site owners to block and eliminate automated bot spam.\u003C\u002Fp>\n\u003Cp>That’s why we’ve started a collaboration campaign with other WordPress plugin developers to adapt their plugins to natively support Shield’s silentCAPTCHA solution, alongside Google reCAPTCHA & Cloudflare Turnstile.\u003C\u002Fp>\n\u003Cp>When you use one of the products from any of our partners, you will be able to activate Shield’s silentCAPTCHA bot spam protection so that your forms are protected from automated spam. You won’t need any site\u002FAPI keys, custom integrations, or JavaScript that can break your forms. It all works automatically for you when you enable the feature.\u003C\u002Fp>\n\u003Cp>As of this release, we have partnered with the following WordPress form providers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-form-builder\u002F\" rel=\"ugc\">Easy Form Builder\u003C\u002Fa> v4+\u003C\u002Fli>\n\u003C\u002Ful>\n","Shield stops bot attacks before they hack your site. Bots CAN be stopped. 
Shield stops them.",40000,12651839,96,1032,"2026-03-05T10:26:00.000Z","5.7",[195,21,196,197,173],"2fa","bots","firewall","https:\u002F\u002Fclk.shldscrty.com\u002F2f","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-firewall.21.2.6.zip",83,"2026-02-18 16:19:04",{"slug":203,"name":204,"version":205,"author":206,"author_profile":207,"description":208,"short_description":209,"active_installs":210,"downloaded":211,"rating":212,"num_ratings":213,"last_updated":214,"tested_up_to":16,"requires_at_least":215,"requires_php":216,"tags":217,"homepage":222,"download_link":223,"security_score":190,"vuln_count":28,"unpatched_count":29,"last_vuln_date":224,"fetched_at":31},"simple-page-access-restriction","Simple Page Access Restriction","1.0.35","Plugins and Snippets","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginsandsnippets\u002F","\u003Cp>Did you ever require to show certain pages to logged-in users only? You might have found a variety of WordPress Plugins to do this, but most of them are too complicated and too complex to use. What you might have preferred is a simple and easy-to-use plugin that allows you to restrict access to select WordPress pages to logged-in users only. 
Look no more; the \u003Cstrong>Simple Page Access Restriction Plugin\u003C\u002Fstrong> is what you need!\u003C\u002Fp>\n\u003Ch4>Restricting Access to Select WordPress Pages\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>This plugin offers a simple way to restrict visits to select pages only to logged-in users and allows for page redirection to a defined (login) page of your choice.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin focuses on simplicity and is straightforward to use.\u003C\u002Fp>\n\u003Ch4>Defining a Page for Redirection\u003C\u002Fh4>\n\u003Cp>Simply define a (login) page, or a specified URL, in the plugin’s settings where guest users should be redirected to in case they are not logged in upon visiting select pages.\u003C\u002Fp>\n\u003Cp>Guest users visiting those pages will be redirected to the defined Login Redirect Page – as per the plugin’s setting.\u003C\u002Fp>\n\u003Ch4>Access Restrictions for logged-in Users Only\u003C\u002Fh4>\n\u003Cp>To restrict access to your pages to logged-in users only, simply open the respective page(s) in edit mode in WordPress. You will find a new Meta box inserted by our plugin where you can select to limit access to logged-in users only. 
This way, you have immediate clarity on which pages should only be visible to logged-in users.\u003C\u002Fp>\n\u003Cp>The Simple Page Access Restriction Plugin allows you to easily restrict access to certain pages of your users’ account, like a purchase history page, license or download pages to logged-in users only.\u003C\u002Fp>\n\u003Cp>If you face any problem installing and bringing this plugin to work, please contact us via \u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">support\u003C\u002Fa>, and we will get back to you within 24 hours.\u003C\u002Fp>\n\u003Ch4>What can the plugin be used for?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Building My Account Pages\u003C\u002Fstrong>: When you try to build My Account Pages, you might have noticed some pages using specific shortcodes (e.g. for Purchase History, Subscriptions, etc.) can still be accessed by Unauthorized Visitors. The pages typically show titles but empty Information below. This looks a bit strange and should not be allowed.\u003C\u002Fp>\n\u003Cp>Simple Page Access Restriction Plugin can easily restrict select My Account Pages by redirecting visitors to a specified login page instead.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limiting Access for Visitors\u003C\u002Fstrong>: This plugin is very useful in restricting visitors on those web pages that must only be reserved for registered and logged-in users. Now with this plugin, you can select any page to restrict and redirect them to a specified login page very easily!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-page-access-restriction\u002Freviews\u002F\" rel=\"ugc\">5 star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>We also provide additional plugins to enhance your Easy Digital Downloads (EDD) or WooCommerce (WOO) store. 
Checkout our other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fupsellmaster\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">UpsellMaster\u003C\u002Fa> automatically calculates suitable Upsell products in 1-click for each product.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-product-versions\u002F?utm_source=docs&utm_medium=installation_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Product Versions\u003C\u002Fa> enables product versioning for all of your products and allows you to (1) generate additional revenues from selling updated download versions (existing customers can even be offered a discount for upgrading their products) as an alternative to selling subscriptions and\u002For (2) simply add a comprehensive archive of old download versions for easy reference to your customers. 
Plugin increases the monetization and customer retention of your webshop.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Ffreelancer-marketplace-plugin\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">Freelancer Marketplace\u003C\u002Fa> plugin will help you build a freelancer marketplace for WordPress and Easy Digital Downloads.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-advanced-shortcodes\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Advanced Shortcodes\u003C\u002Fa> provides additional shortcodes to enhance the functionality of your EDD store.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-landing-pages-for-categories-and-tags\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Landing Pages for Categories and Tags\u003C\u002Fa> adds a text editor and an additional text field to your download category and tag pages.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-mailchimp-abandoned-cart-wordpress-plugin\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Mailchimp Abandoned Cart WordPress Plugin\u003C\u002Fa> this plugin triggers email series in Mailchimp when customers abandon their carts. 
The plugin allows for recovering of lost sales and improves conversion.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-fes-statistics\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD FES Vendor Statistics\u003C\u002Fa> adds a page to the Vendor Dashboard to make it easier for the vendors to understand and monitor monthly commissions earned and payout status on their own.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-requests-plugin\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Requests\u003C\u002Fa> this plugin helps you to trigger more engagement with your visitors by offering them a contact button on the download product and author page where they can quickly submit requests for assistance and upload attachments. Requests are added on tracking lists in the vendor and admin dashboards to ensure systematic follow-ups.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fedd-custom-payment-status\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Custom Payment Status\u003C\u002Fa> this plugin allows you to create custom payment statuses, which will be included in Earnings & Sales Reports.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fmailchimp-vendor-email-trigger\u002F?utm_source=docs&utm_medium=description_tab&utm_content=documentation&utm_campaign=readme\" rel=\"nofollow ugc\">EDD Mailchimp Vendor Email Trigger\u003C\u002Fa> this plugin allows triggering an email series in Mailchimp upon registration of new vendors.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin offers a simple way to restrict visits to select 
pages only to logged-in users and allows for page redirection to an existing login page.",6000,74499,98,30,"2026-02-26T21:29:00.000Z","4.4","5.6",[20,218,219,220,221],"page-access-restriction","page-redirect","page-restrict","page-restriction","https:\u002F\u002Fwww.pluginsandsnippets.com\u002Fdownloads\u002Fsimple-page-access-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-page-access-restriction.1.0.35.zip","2025-08-27 00:00:00",{"slug":226,"name":227,"version":228,"author":229,"author_profile":230,"description":231,"short_description":232,"active_installs":233,"downloaded":234,"rating":235,"num_ratings":236,"last_updated":237,"tested_up_to":16,"requires_at_least":238,"requires_php":216,"tags":239,"homepage":244,"download_link":245,"security_score":246,"vuln_count":247,"unpatched_count":29,"last_vuln_date":248,"fetched_at":31},"user-activity-tracking-and-log","User Activity Tracking and Log","4.2.1","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Track user activity & duration on your website with this incredibly powerful, easy-to-use and well supported plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is privacy-friendly: it stores no cookies on users’ computers and therefore requires no cookie opt-in from users (unlike Google Analytics or Google Tag Manager).\u003C\u002Fp>\n\u003Cp>The plugin is especially useful for tracking users on membership sites, \u003Cstrong>LMS online learning systems\u003C\u002Fstrong> or \u003Cstrong>WooCommerce\u003C\u002Fstrong> sites. It can track both \u003Cstrong>logged-in\u003C\u002Fstrong> and \u003Cstrong>anonymous users\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can track \u003Cstrong>page visits\u003C\u002Fstrong>, \u003Cstrong>duration of the visit\u003C\u002Fstrong>, \u003Cstrong>login and logout time\u003C\u002Fstrong>, and you can even setup \u003Cstrong>event goal triggers\u003C\u002Fstrong> too (ie. 
click of a button, PDF download, mailto links and more).\u003C\u002Fp>\n\u003Cp>Our plugin will accurately track time spent on specific pages which is very useful when you’d like to monitor user’s reading time, video watching time, tracking time in LMS online learning system, or how long users look at your e-commerce product pages before purchasing.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple & intuitive\u003C\u002Fli>\n\u003Cli>Powerful search, export options, API endpoints\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce and other user registration plugins\u003C\u002Fli>\n\u003Cli>Tracks both logged-in and non logged-in users (ie. unknown users)\u003C\u002Fli>\n\u003Cli>GDPR \u002F CCPA \u002F privacy ready (IP address can be stored in anonymized format)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-friendly\u003C\u002Fstrong>: stores no cookies on users’ computers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Local Data Storage\u003C\u002Fstrong>: all user data is stored locally on your website only; we do not collect or store any of your user data on our servers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Time tracking & Session Duration\u003C\u002Fstrong>: see the duration of user visits in the activity logs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login\u002Flogout time\u003C\u002Fstrong>: see the exact time when users login and logout from your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event goal tracking\u003C\u002Fstrong>: setup event goal triggers for various actions that users take on your site (ie. 
click on a specific button, PDF download, mailto links and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[NEW] Email notifications\u003C\u002Fstrong>: receive email notifications when an event was triggered \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto logout\u003C\u002Fstrong>: setup automatic logout for idle users to improve your analytics\u003C\u002Fli>\n\u003Cli>Track all \u003Cstrong>custom post-types and archives\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anonymize\u003C\u002Fstrong> IP addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export logs to CSV\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track specific roles\u003C\u002Fstrong>: track logged-in users only or only certain roles such as subscribers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rest API endpoints\u003C\u002Fstrong> for activity logs in JSON format\u003C\u002Fli>\n\u003Cli>Custom timezone\u003C\u002Fli>\n\u003Cli>Advanced Filters \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fuser-activity-tracking-and-log\u002F\" rel=\"nofollow ugc\">Download the Premium Add-on here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F305493827\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Event Triggers Video Tutorial\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F551423323\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Activity data that will be logged:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login date and 
time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout date and time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Last seen\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Duration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username & email\u003C\u002Fstrong> (if user is logged-in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page name and URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP address\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Location\u003C\u002Fstrong> (by IP Address)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Tried many, but this one had just what I wanted. I like this plugins feature set, minimal but exactly what I need to see. Helps me to send offers on a WooCommerce digital content site when I notice users are looking at a particular product often, but not purchasing. A little nudge helps and this plugin puts that info in a place I can easily see.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ftried-many-but-this-one-had-just-what-i-wanted\u002F\" rel=\"ugc\">Ryan\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Simple to install & performs well. The reporting is clear and very useful!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-to-install-performs-well\u002F\" rel=\"ugc\">hannahfinch\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Very useful plugin!! I was looking for something to track users on our website. This plugin is exactly what I needed. You can track activity and users. 
You can see who visited which pages, and the referring page they came from. The premium version gives you even more useful features like tracking only users who are logged in, additional view options, and so on. Excellent plugin, highly recommended!!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-useful-plugin-771\u002F\" rel=\"ugc\">msiciliano\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Visit our site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Track time and monitor user activity & history on your website, LMS online learning system, membership or WooCommerce site.",3000,143239,70,33,"2026-01-22T09:22:00.000Z","4.3",[21,240,241,242,243],"analytics","statistics","stats","time-tracking","http:\u002F\u002Fwww.mooveagency.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activity-tracking-and-log.4.2.1.zip",99,2,"2024-01-29 
00:00:00",{"attackSurface":250,"codeSignals":324,"taintFlows":1263,"riskAssessment":1396,"analyzedAt":1412},{"hooks":251,"ajaxHandlers":309,"restRoutes":318,"shortcodes":319,"cronEvents":320,"entryPointCount":247,"unprotectedCount":82},[252,258,263,268,271,273,276,279,281,284,287,291,293,296,299,302],{"type":253,"name":254,"callback":255,"priority":49,"file":256,"line":257},"action","whitelist_options","whitelist_custom_options_page","admin\\class-winter-activity-log-admin.php",864,{"type":253,"name":259,"callback":260,"file":261,"line":262},"wal_my_hourly_event","wal_do_this_hourly","includes\\class-winter-activity-log-logger.php",79,{"type":253,"name":264,"callback":265,"file":266,"line":267},"plugins_loaded","anonymous","includes\\class-winter-activity-log.php",168,{"type":253,"name":269,"callback":265,"file":266,"line":270},"admin_enqueue_scripts",182,{"type":253,"name":269,"callback":265,"file":266,"line":272},183,{"type":253,"name":274,"callback":265,"file":266,"line":275},"admin_menu",204,{"type":253,"name":277,"callback":265,"file":266,"line":278},"wp_enqueue_scripts",223,{"type":253,"name":277,"callback":265,"file":266,"line":280},224,{"type":253,"name":282,"callback":265,"file":266,"line":283},"init",274,{"type":253,"name":264,"callback":285,"file":266,"line":286},"Winter_Activity_Log_Activator",282,{"type":253,"name":282,"callback":288,"file":289,"line":290},"hooks","includes\\class-winterlock-review-request.php",50,{"type":253,"name":292,"callback":292,"file":289,"line":11},"admin_notices",{"type":253,"name":294,"callback":292,"file":289,"line":295},"network_admin_notices",61,{"type":253,"name":297,"callback":292,"file":289,"line":298},"user_admin_notices",62,{"type":253,"name":300,"callback":282,"file":301,"line":61},"wp_dashboard_setup","includes\\dash-widgets\\logs-list.php",{"type":303,"name":304,"callback":305,"priority":306,"file":307,"line":308},"filter","connect_message_on_update","winteractivitylog_custom_connect_message_on_update",10,"winterloc
k.php",142,[310,313],{"action":311,"nopriv":60,"callback":265,"hasNonce":60,"hasCapCheck":60,"file":266,"line":312},"winter_activity_log_action",186,{"action":314,"nopriv":60,"callback":315,"hasNonce":316,"hasCapCheck":60,"file":289,"line":317},"winterlock_review_action","ajax_handler",true,51,[],[],[321],{"hook":259,"callback":259,"file":322,"line":323},"includes\\class-winter-activity-log-activator.php",53,{"dangerousFunctions":325,"sqlUsage":416,"outputEscaping":466,"fileOperations":14,"externalRequests":29,"nonceChecks":104,"capabilityChecks":1254,"bundledLibraries":1255},[326,331,334,337,339,342,345,347,349,353,356,358,360,362,364,368,371,374,376,379,381,384,386,388,390,393,396,399,401,403,405,407,409,413],{"fn":327,"file":328,"line":329,"context":330},"unserialize","application\\controllers\\Wal_favouritelogs.php",81,"$request_data = unserialize($row->request_data);",{"fn":327,"file":328,"line":332,"context":333},92,"$header_data = unserialize($row->header_data);",{"fn":327,"file":335,"line":336,"context":330},"application\\controllers\\Wal_history.php",137,{"fn":327,"file":335,"line":338,"context":333},147,{"fn":327,"file":335,"line":340,"context":341},331,"'filter_par'=> json_encode(unserialize($filter['filter_par']))",{"fn":327,"file":343,"line":344,"context":330},"application\\controllers\\Winteractivitylog.php",150,{"fn":327,"file":343,"line":346,"context":333},161,{"fn":327,"file":343,"line":348,"context":341},340,{"fn":327,"file":350,"line":351,"context":352},"application\\models\\Report_m.php",140,"$data_row['request_data'] = unserialize($row->request_data);",{"fn":327,"file":350,"line":354,"context":355},141,"$data_row['header_data'] = unserialize($row->header_data);",{"fn":327,"file":350,"line":308,"context":357},"$data_row['other_data'] = 
unserialize($row->other_data);",{"fn":327,"file":350,"line":359,"context":352},256,{"fn":327,"file":350,"line":361,"context":355},257,{"fn":327,"file":350,"line":363,"context":357},258,{"fn":327,"file":365,"line":366,"context":367},"application\\views\\wal_controlsecurity\\control_log.php",173,"$log_data_array = unserialize($log_data->request_data);",{"fn":327,"file":365,"line":369,"context":370},175,"$request_data = unserialize($log_data->other_data);",{"fn":327,"file":365,"line":372,"context":373},246,"$request_data = unserialize($log_data->request_data);",{"fn":327,"file":365,"line":375,"context":373},302,{"fn":327,"file":365,"line":377,"context":378},363,"$request_data = unserialize($log_data->header_data)",{"fn":327,"file":380,"line":369,"context":333},"application\\views\\wal_dashwidgets\\logs_list.php",{"fn":327,"file":382,"line":332,"context":383},"application\\views\\wal_history\\edit_history.php","$request_data = unserialize($form_data->request_data);",{"fn":327,"file":382,"line":385,"context":383},125,{"fn":327,"file":382,"line":387,"context":383},172,{"fn":327,"file":382,"line":275,"context":389},"$request_data = unserialize($form_data->header_data)",{"fn":327,"file":382,"line":391,"context":392},236,"$form_data_array = unserialize($form_data->request_data);",{"fn":327,"file":382,"line":394,"context":395},238,"$request_data = unserialize($form_data->other_data);",{"fn":327,"file":397,"line":398,"context":383},"application\\views\\winteractivitylog\\edit_log.php",101,{"fn":327,"file":397,"line":400,"context":383},134,{"fn":327,"file":397,"line":402,"context":383},181,{"fn":327,"file":397,"line":404,"context":389},213,{"fn":327,"file":397,"line":406,"context":392},245,{"fn":327,"file":397,"line":408,"context":395},247,{"fn":327,"file":410,"line":411,"context":412},"includes\\helper-functions.php",378,"$request_data = unserialize( $row['request_data'] );",{"fn":327,"file":410,"line":414,"context":415},396,"$other_data = unserialize( $row['other_data'] 
);",{"prepared":49,"raw":417,"locations":418},24,[419,422,424,427,429,431,433,435,436,438,440,442,444,446,448,449,451,453,454,456,458,460,462,464],{"file":335,"line":420,"context":421},543,"$wpdb->query() with variable interpolation",{"file":335,"line":423,"context":421},544,{"file":335,"line":425,"context":426},556,"$wpdb->get_results() with variable interpolation",{"file":335,"line":428,"context":426},578,{"file":335,"line":430,"context":426},620,{"file":335,"line":432,"context":426},649,{"file":335,"line":434,"context":426},659,{"file":343,"line":141,"context":421},{"file":343,"line":437,"context":421},480,{"file":322,"line":439,"context":426},222,{"file":322,"line":441,"context":421},226,{"file":322,"line":443,"context":426},235,{"file":322,"line":445,"context":421},239,{"file":322,"line":447,"context":426},242,{"file":322,"line":372,"context":421},{"file":322,"line":450,"context":426},255,{"file":322,"line":452,"context":421},259,{"file":261,"line":298,"context":421},{"file":261,"line":455,"context":421},64,{"file":261,"line":457,"context":426},304,{"file":261,"line":459,"context":426},305,{"file":261,"line":461,"context":421},623,{"file":261,"line":463,"context":426},637,{"file":261,"line":465,"context":421},721,{"escaped":467,"rawEcho":468,"locations":469},600,507,[470,473,475,477,479,481,484,486,489,491,493,496,497,499,501,503,505,507,510,513,515,518,520,522,523,525,527,529,531,533,535,537,539,541,544,546,547,549,550,552,554,556,557,558,560,561,563,564,566,567,569,571,573,575,577,579,580,582,584,586,588,590,591,592,594,596,598,600,602,604,606,608,609,611,613,615,617,619,621,622,624,626,627,628,630,631,632,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,653,654,656,658,660,662,663,665,667,669,670,672,674,676,678,679,681,683,685,687,689,691,693,694,696,697,698,699,700,701,703,705,707,708,709,711,712,713,715,716,718,720,721,722,723,725,727,729,731,733,735,737,739,741,743,745,747,749,751,753,755,757,759,761,763,765,767,769,771,773,775,777
,779,781,783,785,786,788,789,791,793,795,797,799,801,803,805,807,809,811,813,815,817,819,821,823,825,827,829,831,833,834,836,837,839,841,842,843,844,845,846,847,848,850,852,854,856,858,860,861,862,863,865,866,867,868,869,870,871,872,873,874,875,876,877,879,880,881,882,884,885,887,888,889,891,892,894,896,897,898,899,901,902,903,905,906,907,908,909,910,911,912,913,914,915,916,918,919,920,921,923,924,926,928,930,931,933,934,935,937,939,941,942,943,944,946,948,950,951,952,954,956,958,960,961,963,964,965,966,968,970,971,972,973,974,976,978,979,980,981,982,983,984,985,986,987,988,989,990,991,992,994,996,998,1000,1002,1004,1006,1007,1009,1011,1013,1015,1016,1017,1018,1019,1020,1021,1022,1023,1024,1025,1026,1027,1029,1030,1031,1032,1033,1034,1036,1037,1038,1039,1040,1041,1042,1044,1045,1046,1048,1050,1051,1052,1053,1054,1055,1056,1058,1059,1060,1061,1062,1064,1066,1067,1068,1070,1071,1072,1074,1076,1078,1080,1081,1083,1084,1085,1086,1088,1090,1091,1093,1095,1097,1098,1100,1101,1102,1104,1106,1107,1109,1110,1111,1112,1113,1114,1115,1116,1118,1119,1120,1121,1122,1124,1125,1126,1127,1128,1130,1131,1132,1133,1134,1135,1136,1137,1139,1141,1142,1143,1145,1147,1148,1149,1151,1153,1154,1155,1157,1158,1159,1160,1161,1163,1165,1167,1168,1170,1172,1174,1175,1177,1178,1180,1182,1183,1185,1187,1189,1190,1192,1193,1194,1195,1197,1198,1199,1201,1202,1203,1204,1205,1206,1208,1209,1210,1212,1214,1216,1218,1220,1221,1223,1224,1226,1228,1230,1232,1234,1236,1238,1239,1241,1243,1245,1246,1248,1250,1252],{"file":256,"line":471,"context":472},995,"raw 
output",{"file":256,"line":474,"context":472},1003,{"file":256,"line":476,"context":472},1018,{"file":256,"line":478,"context":472},1019,{"file":256,"line":480,"context":472},1020,{"file":482,"line":483,"context":472},"application\\controllers\\Wal_cloudintegration.php",381,{"file":482,"line":485,"context":472},421,{"file":487,"line":488,"context":472},"application\\controllers\\Wal_controlsecurity.php",132,{"file":487,"line":490,"context":472},153,{"file":487,"line":492,"context":472},189,{"file":494,"line":495,"context":472},"application\\controllers\\Wal_disabledlogs.php",128,{"file":328,"line":492,"context":472},{"file":335,"line":498,"context":472},248,{"file":335,"line":500,"context":472},301,{"file":335,"line":502,"context":472},345,{"file":335,"line":504,"context":472},388,{"file":335,"line":506,"context":472},424,{"file":508,"line":509,"context":472},"application\\controllers\\Wal_logalerts.php",129,{"file":511,"line":512,"context":472},"application\\controllers\\Wal_reports.php",228,{"file":511,"line":514,"context":472},264,{"file":516,"line":517,"context":472},"application\\controllers\\Wal_usersessions.php",121,{"file":516,"line":519,"context":472},298,{"file":516,"line":521,"context":472},339,{"file":343,"line":363,"context":472},{"file":343,"line":524,"context":472},310,{"file":343,"line":526,"context":472},354,{"file":343,"line":528,"context":472},398,{"file":343,"line":530,"context":472},438,{"file":343,"line":532,"context":472},490,{"file":350,"line":534,"context":472},332,{"file":350,"line":536,"context":472},408,{"file":350,"line":538,"context":472},461,{"file":350,"line":540,"context":472},485,{"file":542,"line":543,"context":472},"application\\views\\wal_cloudintegration\\cloud_edit.php",20,{"file":542,"line":545,"context":472},32,{"file":542,"line":317,"context":472},{"file":542,"line":548,"context":472},59,{"file":542,"line":295,"context":472},{"file":542,"line":551,"context":472},66,{"file":542,"line":553,"context":472},68,{"file":542,"line":
555,"context":472},69,{"file":542,"line":165,"context":472},{"file":542,"line":127,"context":472},{"file":542,"line":559,"context":472},77,{"file":542,"line":152,"context":472},{"file":542,"line":562,"context":472},84,{"file":542,"line":177,"context":472},{"file":542,"line":565,"context":472},90,{"file":542,"line":332,"context":472},{"file":542,"line":568,"context":472},93,{"file":542,"line":570,"context":472},104,{"file":542,"line":572,"context":472},112,{"file":542,"line":574,"context":472},114,{"file":542,"line":576,"context":472},115,{"file":542,"line":578,"context":472},123,{"file":542,"line":385,"context":472},{"file":542,"line":581,"context":472},133,{"file":542,"line":583,"context":472},148,{"file":542,"line":585,"context":472},154,{"file":542,"line":587,"context":472},160,{"file":542,"line":589,"context":472},166,{"file":542,"line":387,"context":472},{"file":542,"line":270,"context":472},{"file":542,"line":593,"context":472},184,{"file":542,"line":595,"context":472},191,{"file":542,"line":597,"context":472},194,{"file":542,"line":599,"context":472},202,{"file":601,"line":543,"context":472},"application\\views\\wal_cloudintegration\\cloud_test.php",{"file":601,"line":603,"context":472},25,{"file":601,"line":605,"context":472},37,{"file":601,"line":607,"context":472},41,{"file":601,"line":548,"context":472},{"file":601,"line":610,"context":472},63,{"file":601,"line":612,"context":472},75,{"file":601,"line":614,"context":472},78,{"file":616,"line":104,"context":472},"application\\views\\wal_cloudintegration\\index.php",{"file":616,"line":618,"context":472},26,{"file":616,"line":620,"context":472},31,{"file":616,"line":607,"context":472},{"file":616,"line":623,"context":472},54,{"file":616,"line":625,"context":472},57,{"file":616,"line":11,"context":472},{"file":616,"line":562,"context":472},{"file":616,"line":629,"context":472},87,{"file":616,"line":140,"context":472},{"file":616,"line":338,"context":472},{"file":633,"line":543,"context":472},"application\\vie
ws\\wal_cloudintegration\\mysql_edit.php",{"file":633,"line":545,"context":472},{"file":633,"line":317,"context":472},{"file":633,"line":548,"context":472},{"file":633,"line":295,"context":472},{"file":633,"line":551,"context":472},{"file":633,"line":553,"context":472},{"file":633,"line":555,"context":472},{"file":633,"line":165,"context":472},{"file":633,"line":127,"context":472},{"file":633,"line":559,"context":472},{"file":633,"line":152,"context":472},{"file":633,"line":562,"context":472},{"file":633,"line":177,"context":472},{"file":633,"line":565,"context":472},{"file":633,"line":332,"context":472},{"file":633,"line":568,"context":472},{"file":633,"line":212,"context":472},{"file":633,"line":652,"context":472},100,{"file":633,"line":398,"context":472},{"file":633,"line":655,"context":472},106,{"file":633,"line":657,"context":472},108,{"file":633,"line":659,"context":472},109,{"file":633,"line":661,"context":472},120,{"file":633,"line":495,"context":472},{"file":633,"line":664,"context":472},130,{"file":633,"line":666,"context":472},131,{"file":633,"line":668,"context":472},139,{"file":633,"line":354,"context":472},{"file":633,"line":671,"context":472},149,{"file":633,"line":673,"context":472},164,{"file":633,"line":675,"context":472},170,{"file":633,"line":677,"context":472},176,{"file":633,"line":270,"context":472},{"file":633,"line":680,"context":472},188,{"file":633,"line":682,"context":472},198,{"file":633,"line":684,"context":472},200,{"file":633,"line":686,"context":472},207,{"file":633,"line":688,"context":472},210,{"file":633,"line":690,"context":472},218,{"file":633,"line":692,"context":472},219,{"file":633,"line":439,"context":472},{"file":695,"line":543,"context":472},"application\\views\\wal_cloudintegration\\mysql_test.php",{"file":695,"line":603,"context":472},{"file":695,"line":605,"context":472},{"file":695,"line":607,"context":472},{"file":695,"line":625,"context":472},{"file":695,"line":657,"context":472},{"file":365,"line":702,"context":472}
,46,{"file":365,"line":704,"context":472},58,{"file":365,"line":706,"context":472},67,{"file":365,"line":200,"context":472},{"file":365,"line":562,"context":472},{"file":365,"line":710,"context":472},103,{"file":365,"line":570,"context":472},{"file":365,"line":576,"context":472},{"file":365,"line":714,"context":472},136,{"file":365,"line":583,"context":472},{"file":365,"line":717,"context":472},152,{"file":365,"line":719,"context":472},163,{"file":365,"line":686,"context":472},{"file":365,"line":692,"context":472},{"file":365,"line":278,"context":472},{"file":365,"line":724,"context":472},234,{"file":365,"line":726,"context":472},263,{"file":365,"line":728,"context":472},275,{"file":365,"line":730,"context":472},279,{"file":365,"line":732,"context":472},290,{"file":365,"line":734,"context":472},321,{"file":365,"line":736,"context":472},333,{"file":365,"line":738,"context":472},337,{"file":365,"line":740,"context":472},348,{"file":365,"line":742,"context":472},375,{"file":365,"line":744,"context":472},387,{"file":365,"line":746,"context":472},391,{"file":365,"line":748,"context":472},402,{"file":365,"line":750,"context":472},439,{"file":365,"line":752,"context":472},458,{"file":365,"line":754,"context":472},462,{"file":365,"line":756,"context":472},477,{"file":365,"line":758,"context":472},519,{"file":365,"line":760,"context":472},538,{"file":365,"line":762,"context":472},542,{"file":365,"line":764,"context":472},557,{"file":365,"line":766,"context":472},590,{"file":365,"line":768,"context":472},598,{"file":365,"line":770,"context":472},603,{"file":365,"line":772,"context":472},610,{"file":365,"line":774,"context":472},626,{"file":365,"line":776,"context":472},638,{"file":365,"line":778,"context":472},642,{"file":365,"line":780,"context":472},653,{"file":365,"line":782,"context":472},660,{"file":365,"line":784,"context":472},662,{"file":365,"line":784,"context":472},{"file":365,"line":787,"context":472},663,{"file":365,"line":787,"context":472},{"file":365,"line":790
,"context":472},685,{"file":365,"line":792,"context":472},693,{"file":365,"line":794,"context":472},694,{"file":365,"line":796,"context":472},695,{"file":365,"line":798,"context":472},696,{"file":365,"line":800,"context":472},706,{"file":365,"line":802,"context":472},711,{"file":365,"line":804,"context":472},712,{"file":365,"line":806,"context":472},724,{"file":365,"line":808,"context":472},729,{"file":365,"line":810,"context":472},730,{"file":365,"line":812,"context":472},734,{"file":365,"line":814,"context":472},748,{"file":365,"line":816,"context":472},755,{"file":365,"line":818,"context":472},756,{"file":365,"line":820,"context":472},757,{"file":365,"line":822,"context":472},758,{"file":365,"line":824,"context":472},767,{"file":365,"line":826,"context":472},776,{"file":365,"line":828,"context":472},844,{"file":365,"line":830,"context":472},845,{"file":832,"line":543,"context":472},"application\\views\\wal_controlsecurity\\index.php",{"file":832,"line":603,"context":472},{"file":832,"line":835,"context":472},36,{"file":832,"line":605,"context":472},{"file":832,"line":838,"context":472},39,{"file":832,"line":840,"context":472},49,{"file":832,"line":290,"context":472},{"file":832,"line":317,"context":472},{"file":832,"line":323,"context":472},{"file":832,"line":298,"context":472},{"file":832,"line":610,"context":472},{"file":832,"line":555,"context":472},{"file":832,"line":666,"context":472},{"file":380,"line":849,"context":472},145,{"file":380,"line":851,"context":472},155,{"file":380,"line":853,"context":472},156,{"file":380,"line":855,"context":472},157,{"file":380,"line":857,"context":472},158,{"file":380,"line":859,"context":472},231,{"file":380,"line":859,"context":472},{"file":380,"line":859,"context":472},{"file":380,"line":445,"context":472},{"file":864,"line":543,"context":472},"application\\views\\wal_disabledlogs\\index.php",{"file":864,"line":603,"context":472},{"file":864,"line":835,"context":472},{"file":864,"line":605,"context":472},{"file":864,"lin
e":838,"context":472},{"file":864,"line":840,"context":472},{"file":864,"line":290,"context":472},{"file":864,"line":317,"context":472},{"file":864,"line":323,"context":472},{"file":864,"line":298,"context":472},{"file":864,"line":610,"context":472},{"file":864,"line":553,"context":472},{"file":864,"line":385,"context":472},{"file":878,"line":543,"context":472},"application\\views\\wal_favouritelogs\\index.php",{"file":878,"line":603,"context":472},{"file":878,"line":835,"context":472},{"file":878,"line":605,"context":472},{"file":878,"line":883,"context":472},38,{"file":878,"line":838,"context":472},{"file":878,"line":886,"context":472},40,{"file":878,"line":607,"context":472},{"file":878,"line":317,"context":472},{"file":878,"line":890,"context":472},52,{"file":878,"line":323,"context":472},{"file":878,"line":893,"context":472},55,{"file":878,"line":895,"context":472},56,{"file":878,"line":625,"context":472},{"file":878,"line":551,"context":472},{"file":878,"line":706,"context":472},{"file":878,"line":900,"context":472},72,{"file":878,"line":509,"context":472},{"file":382,"line":213,"context":472},{"file":382,"line":904,"context":472},44,{"file":382,"line":317,"context":472},{"file":382,"line":317,"context":472},{"file":382,"line":13,"context":472},{"file":382,"line":652,"context":472},{"file":382,"line":652,"context":472},{"file":382,"line":659,"context":472},{"file":382,"line":517,"context":472},{"file":382,"line":581,"context":472},{"file":382,"line":581,"context":472},{"file":382,"line":853,"context":472},{"file":382,"line":267,"context":472},{"file":382,"line":917,"context":472},179,{"file":382,"line":917,"context":472},{"file":382,"line":680,"context":472},{"file":382,"line":684,"context":472},{"file":382,"line":922,"context":472},211,{"file":382,"line":922,"context":472},{"file":382,"line":925,"context":472},220,{"file":382,"line":927,"context":472},232,{"file":382,"line":929,"context":472},260,{"file":382,"line":929,"context":472},{"file":382,"line":932,"c
ontext":472},269,{"file":382,"line":500,"context":472},{"file":382,"line":500,"context":472},{"file":382,"line":936,"context":472},325,{"file":382,"line":938,"context":472},326,{"file":382,"line":940,"context":472},327,{"file":382,"line":738,"context":472},{"file":382,"line":348,"context":472},{"file":382,"line":348,"context":472},{"file":382,"line":945,"context":472},353,{"file":382,"line":947,"context":472},358,{"file":382,"line":949,"context":472},370,{"file":382,"line":949,"context":472},{"file":382,"line":504,"context":472},{"file":382,"line":953,"context":472},389,{"file":382,"line":955,"context":472},390,{"file":382,"line":957,"context":472},403,{"file":382,"line":959,"context":472},416,{"file":382,"line":485,"context":472},{"file":962,"line":104,"context":472},"application\\views\\wal_history\\index.php",{"file":962,"line":603,"context":472},{"file":962,"line":618,"context":472},{"file":962,"line":618,"context":472},{"file":962,"line":967,"context":472},27,{"file":962,"line":969,"context":472},28,{"file":962,"line":969,"context":472},{"file":962,"line":236,"context":472},{"file":962,"line":835,"context":472},{"file":962,"line":605,"context":472},{"file":962,"line":975,"context":472},47,{"file":962,"line":977,"context":472},48,{"file":962,"line":840,"context":472},{"file":962,"line":290,"context":472},{"file":962,"line":317,"context":472},{"file":962,"line":890,"context":472},{"file":962,"line":298,"context":472},{"file":962,"line":610,"context":472},{"file":962,"line":455,"context":472},{"file":962,"line":551,"context":472},{"file":962,"line":706,"context":472},{"file":962,"line":553,"context":472},{"file":962,"line":900,"context":472},{"file":962,"line":164,"context":472},{"file":962,"line":164,"context":472},{"file":962,"line":629,"context":472},{"file":962,"line":993,"context":472},285,{"file":962,"line":995,"context":472},300,{"file":962,"line":997,"context":472},306,{"file":962,"line":999,"context":472},322,{"file":962,"line":1001,"context":472},330,{"f
ile":962,"line":1003,"context":472},334,{"file":962,"line":1005,"context":472},335,{"file":962,"line":348,"context":472},{"file":962,"line":1008,"context":472},361,{"file":962,"line":1010,"context":472},368,{"file":962,"line":1012,"context":472},437,{"file":1014,"line":543,"context":472},"application\\views\\wal_logalerts\\index.php",{"file":1014,"line":603,"context":472},{"file":1014,"line":835,"context":472},{"file":1014,"line":605,"context":472},{"file":1014,"line":838,"context":472},{"file":1014,"line":840,"context":472},{"file":1014,"line":290,"context":472},{"file":1014,"line":317,"context":472},{"file":1014,"line":323,"context":472},{"file":1014,"line":298,"context":472},{"file":1014,"line":610,"context":472},{"file":1014,"line":553,"context":472},{"file":1014,"line":385,"context":472},{"file":1028,"line":124,"context":472},"application\\views\\wal_related\\index.php",{"file":1028,"line":306,"context":472},{"file":1028,"line":417,"context":472},{"file":1028,"line":620,"context":472},{"file":1028,"line":620,"context":472},{"file":1028,"line":236,"context":472},{"file":1035,"line":104,"context":472},"application\\views\\wal_reports\\index.php",{"file":1035,"line":603,"context":472},{"file":1035,"line":236,"context":472},{"file":1035,"line":702,"context":472},{"file":1035,"line":840,"context":472},{"file":1035,"line":890,"context":472},{"file":1035,"line":893,"context":472},{"file":1035,"line":1043,"context":472},80,{"file":1035,"line":200,"context":472},{"file":1035,"line":565,"context":472},{"file":1035,"line":1047,"context":472},144,{"file":1049,"line":543,"context":472},"application\\views\\wal_reports\\report_edit.php",{"file":1049,"line":545,"context":472},{"file":1049,"line":317,"context":472},{"file":1049,"line":548,"context":472},{"file":1049,"line":295,"context":472},{"file":1049,"line":551,"context":472},{"file":1049,"line":553,"context":472},{"file":1049,"line":1057,"context":472},73,{"file":1049,"line":659,"context":472},{"file":1049,"line":488,"con
text":472},{"file":1049,"line":351,"context":472},{"file":1049,"line":308,"context":472},{"file":1049,"line":1063,"context":472},143,{"file":1049,"line":1065,"context":472},151,{"file":1049,"line":490,"context":472},{"file":1049,"line":585,"context":472},{"file":1049,"line":1069,"context":472},162,{"file":1049,"line":673,"context":472},{"file":1049,"line":387,"context":472},{"file":1049,"line":1073,"context":472},187,{"file":1049,"line":1075,"context":472},193,{"file":1049,"line":1077,"context":472},199,{"file":1049,"line":1079,"context":472},205,{"file":1049,"line":922,"context":472},{"file":1049,"line":1082,"context":472},221,{"file":1049,"line":278,"context":472},{"file":1049,"line":859,"context":472},{"file":1049,"line":394,"context":472},{"file":1049,"line":1087,"context":472},244,{"file":1049,"line":1089,"context":472},252,{"file":1049,"line":929,"context":472},{"file":1049,"line":1092,"context":472},266,{"file":1049,"line":1094,"context":472},273,{"file":1049,"line":1096,"context":472},276,{"file":1049,"line":1096,"context":472},{"file":1049,"line":1099,"context":472},277,{"file":1049,"line":1099,"context":472},{"file":1049,"line":286,"context":472},{"file":1049,"line":1103,"context":472},291,{"file":1049,"line":1105,"context":472},317,{"file":1049,"line":940,"context":472},{"file":1108,"line":543,"context":472},"application\\views\\wal_usersessions\\index.php",{"file":1108,"line":603,"context":472},{"file":1108,"line":835,"context":472},{"file":1108,"line":605,"context":472},{"file":1108,"line":883,"context":472},{"file":1108,"line":838,"context":472},{"file":1108,"line":886,"context":472},{"file":1108,"line":455,"context":472},{"file":1108,"line":1117,"context":472},65,{"file":1108,"line":1117,"context":472},{"file":1108,"line":551,"context":472},{"file":1108,"line":900,"context":472},{"file":1108,"line":165,"context":472},{"file":1108,"line":1123,"context":472},122,{"file":397,"line":886,"context":472},{"file":397,"line":623,"context":472},{"file":397,"lin
e":295,"context":472},{"file":397,"line":295,"context":472},{"file":397,"line":1129,"context":472},97,{"file":397,"line":659,"context":472},{"file":397,"line":659,"context":472},{"file":397,"line":126,"context":472},{"file":397,"line":664,"context":472},{"file":397,"line":308,"context":472},{"file":397,"line":308,"context":472},{"file":397,"line":671,"context":472},{"file":397,"line":1138,"context":472},165,{"file":397,"line":1140,"context":472},177,{"file":397,"line":680,"context":472},{"file":397,"line":680,"context":472},{"file":397,"line":1144,"context":472},197,{"file":397,"line":1146,"context":472},209,{"file":397,"line":925,"context":472},{"file":397,"line":925,"context":472},{"file":397,"line":1150,"context":472},229,{"file":397,"line":1152,"context":472},241,{"file":397,"line":932,"context":472},{"file":397,"line":932,"context":472},{"file":397,"line":1156,"context":472},278,{"file":397,"line":524,"context":472},{"file":397,"line":524,"context":472},{"file":397,"line":1003,"context":472},{"file":397,"line":1005,"context":472},{"file":397,"line":1162,"context":472},336,{"file":397,"line":1164,"context":472},346,{"file":397,"line":1166,"context":472},349,{"file":397,"line":1166,"context":472},{"file":397,"line":1169,"context":472},362,{"file":397,"line":1171,"context":472},367,{"file":397,"line":1173,"context":472},379,{"file":397,"line":1173,"context":472},{"file":397,"line":1176,"context":472},397,{"file":397,"line":528,"context":472},{"file":397,"line":1179,"context":472},399,{"file":397,"line":1181,"context":472},412,{"file":397,"line":1181,"context":472},{"file":397,"line":1184,"context":472},425,{"file":397,"line":1186,"context":472},430,{"file":1188,"line":623,"context":472},"application\\views\\winteractivitylog\\index.php",{"file":1188,"line":11,"context":472},{"file":1188,"line":1191,"context":472},71,{"file":1188,"line":164,"context":472},{"file":1188,"line":27,"context":472},{"file":1188,"line":570,"context":472},{"file":1188,"line":1196,"context"
:472},113,{"file":1188,"line":1123,"context":472},{"file":1188,"line":666,"context":472},{"file":1188,"line":1200,"context":472},146,{"file":1188,"line":717,"context":472},{"file":1188,"line":346,"context":472},{"file":1188,"line":917,"context":472},{"file":1188,"line":680,"context":472},{"file":1188,"line":1144,"context":472},{"file":1188,"line":1207,"context":472},206,{"file":1188,"line":512,"context":472},{"file":1188,"line":443,"context":472},{"file":1188,"line":1211,"context":472},237,{"file":1188,"line":1213,"context":472},240,{"file":1188,"line":1215,"context":472},243,{"file":1188,"line":1217,"context":472},401,{"file":1188,"line":1219,"context":472},420,{"file":1188,"line":1186,"context":472},{"file":1188,"line":1222,"context":472},448,{"file":1188,"line":752,"context":472},{"file":1188,"line":1225,"context":472},464,{"file":1188,"line":1227,"context":472},467,{"file":1188,"line":1229,"context":472},474,{"file":1188,"line":1231,"context":472},501,{"file":1188,"line":1233,"context":472},510,{"file":1188,"line":1235,"context":472},582,{"file":1188,"line":1237,"context":472},1016,{"file":1188,"line":480,"context":472},{"file":1188,"line":1240,"context":472},1023,{"file":1188,"line":1242,"context":472},1026,{"file":1188,"line":1244,"context":472},1029,{"file":1188,"line":191,"context":472},{"file":1188,"line":1247,"context":472},1035,{"file":1188,"line":1249,"context":472},1042,{"file":289,"line":1251,"context":472},373,{"file":289,"line":1253,"context":472},451,16,[1256,1259],{"name":1257,"version":39,"knownCves":1258},"DataTables",[],{"name":1260,"version":1261,"knownCves":1262},"Freemius","1.0",[],[1264,1280,1298,1324,1333,1341,1349,1357,1370,1383],{"entryPoint":1265,"graph":1266,"unsanitizedCount":247,"severity":42},"whitelist_custom_options_page (admin\\class-winter-activity-log-admin.php:865)",{"nodes":1267,"edges":1278},[1268,1273],{"id":1269,"type":1270,"label":1271,"file":256,"line":1272},"n0","source","$_POST['sw_option_redirect'] 
(x2)",873,{"id":1274,"type":1275,"label":1276,"file":256,"line":1272,"wp_function":1277},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[1279],{"from":1269,"to":1274,"sanitized":60},{"entryPoint":1281,"graph":1282,"unsanitizedCount":247,"severity":42},"\u003Cclass-winter-activity-log-admin> (admin\\class-winter-activity-log-admin.php:0)",{"nodes":1283,"edges":1295},[1284,1285,1286,1290],{"id":1269,"type":1270,"label":1271,"file":256,"line":1272},{"id":1274,"type":1275,"label":1276,"file":256,"line":1272,"wp_function":1277},{"id":1287,"type":1270,"label":1288,"file":256,"line":1289},"n2","$_SERVER",1010,{"id":1291,"type":1275,"label":1292,"file":256,"line":1293,"wp_function":1294},"n3","echo() [XSS]",1012,"echo",[1296,1297],{"from":1269,"to":1274,"sanitized":60},{"from":1287,"to":1291,"sanitized":316},{"entryPoint":1299,"graph":1300,"unsanitizedCount":28,"severity":42},"\u003Creport_edit> (application\\views\\wal_reports\\report_edit.php:0)",{"nodes":1301,"edges":1319},[1302,1304,1305,1307,1308,1311,1315],{"id":1269,"type":1270,"label":1303,"file":1049,"line":605},"$_GET",{"id":1274,"type":1275,"label":1292,"file":1049,"line":838,"wp_function":1294},{"id":1287,"type":1270,"label":1306,"file":1049,"line":1096},"$_GET['id'] (x2)",{"id":1291,"type":1275,"label":1292,"file":1049,"line":1096,"wp_function":1294},{"id":1309,"type":1270,"label":1310,"file":1049,"line":605},"n4","$_GET['id']",{"id":1312,"type":1313,"label":1314,"file":1049,"line":605},"n5","transform","→ report_sendemail()",{"id":1316,"type":1275,"label":1317,"file":350,"line":346,"wp_function":1318},"n6","fopen() [File Access]","fopen",[1320,1321,1322,1323],{"from":1269,"to":1274,"sanitized":60},{"from":1287,"to":1291,"sanitized":60},{"from":1309,"to":1312,"sanitized":60},{"from":1312,"to":1316,"sanitized":60},{"entryPoint":1325,"graph":1326,"unsanitizedCount":29,"severity":1332},"sw_wal_log_events_print 
(admin\\class-winter-activity-log-admin.php:992)",{"nodes":1327,"edges":1330},[1328,1329],{"id":1269,"type":1270,"label":1288,"file":256,"line":1289},{"id":1274,"type":1275,"label":1292,"file":256,"line":1293,"wp_function":1294},[1331],{"from":1269,"to":1274,"sanitized":316},"low",{"entryPoint":1334,"graph":1335,"unsanitizedCount":29,"severity":1332},"\u003Ccontrol_log> (application\\views\\wal_controlsecurity\\control_log.php:0)",{"nodes":1336,"edges":1339},[1337,1338],{"id":1269,"type":1270,"label":1303,"file":365,"line":835},{"id":1274,"type":1275,"label":1292,"file":365,"line":570,"wp_function":1294},[1340],{"from":1269,"to":1274,"sanitized":316},{"entryPoint":1342,"graph":1343,"unsanitizedCount":29,"severity":1332},"\u003Cindex> (application\\views\\wal_history\\index.php:0)",{"nodes":1344,"edges":1347},[1345,1346],{"id":1269,"type":1270,"label":1303,"file":962,"line":551},{"id":1274,"type":1275,"label":1292,"file":962,"line":551,"wp_function":1294},[1348],{"from":1269,"to":1274,"sanitized":316},{"entryPoint":1350,"graph":1351,"unsanitizedCount":29,"severity":1332},"\u003Cindex> (application\\views\\winteractivitylog\\index.php:0)",{"nodes":1352,"edges":1355},[1353,1354],{"id":1269,"type":1270,"label":1303,"file":1188,"line":1140},{"id":1274,"type":1275,"label":1292,"file":1188,"line":1140,"wp_function":1294},[1356],{"from":1269,"to":1274,"sanitized":316},{"entryPoint":1358,"graph":1359,"unsanitizedCount":82,"severity":1369},"sessions_log (includes\\class-winter-activity-log-logger.php:88)",{"nodes":1360,"edges":1367},[1361,1363],{"id":1269,"type":1270,"label":1362,"file":261,"line":1075},"$_POST",{"id":1274,"type":1275,"label":1364,"file":261,"line":1365,"wp_function":1366},"get_row() [SQLi]",212,"get_row",[1368],{"from":1269,"to":1274,"sanitized":60},"high",{"entryPoint":1371,"graph":1372,"unsanitizedCount":82,"severity":1369},"activity_log_request 
(includes\\class-winter-activity-log-logger.php:559)",{"nodes":1373,"edges":1380},[1374,1376,1378],{"id":1269,"type":1270,"label":1288,"file":261,"line":1375},771,{"id":1274,"type":1313,"label":1377,"file":261,"line":1375},"→ wal_generate_description()",{"id":1287,"type":1275,"label":1379,"file":410,"line":414,"wp_function":327},"unserialize() [Object Injection]",[1381,1382],{"from":1269,"to":1274,"sanitized":60},{"from":1274,"to":1287,"sanitized":60},{"entryPoint":1384,"graph":1385,"unsanitizedCount":247,"severity":1369},"\u003Cclass-winter-activity-log-logger> (includes\\class-winter-activity-log-logger.php:0)",{"nodes":1386,"edges":1392},[1387,1388,1389,1390,1391],{"id":1269,"type":1270,"label":1362,"file":261,"line":1075},{"id":1274,"type":1275,"label":1364,"file":261,"line":1365,"wp_function":1366},{"id":1287,"type":1270,"label":1288,"file":261,"line":1375},{"id":1291,"type":1313,"label":1377,"file":261,"line":1375},{"id":1309,"type":1275,"label":1379,"file":410,"line":414,"wp_function":327},[1393,1394,1395],{"from":1269,"to":1274,"sanitized":60},{"from":1287,"to":1291,"sanitized":60},{"from":1291,"to":1309,"sanitized":60},{"summary":1397,"deductions":1398},"The \"winterlock\" plugin version 1.2.9 presents a mixed security posture. While it has a considerable number of proper output escaping implementations and nonce checks, several concerning areas remain. The static analysis reveals an attack surface with two AJAX handlers, one of which lacks authentication checks, posing a direct risk. Furthermore, the presence of 34 instances of dangerous functions, particularly 'unserialize', suggests a potential for deserialization vulnerabilities if not handled with extreme care. The taint analysis highlights three high-severity flows with unsanitized paths, indicating potential for injection attacks. 
The vulnerability history shows three past medium-severity vulnerabilities, including missing authorization, CSRF, and XSS, which, despite being patched, indicate a pattern of past security weaknesses. The last recorded vulnerability date (2026-02-11) was judged to lie in the future and is therefore treated as a data anomaly; confirm that against the record's own timestamps before disregarding it in an assessment of current risk. Overall, the plugin has some good security practices, but the unprotected AJAX handler, high-severity taint flows, and the history of past vulnerabilities warrant careful consideration and remediation.",[1399,1401,1404,1406,1408,1410],{"reason":1400,"points":306},"AJAX handler without auth checks",{"reason":1402,"points":1403},"High severity unsanitized taint flows",15,{"reason":1405,"points":124},"Unescaped output percentage is low",{"reason":1407,"points":124},"SQL queries not fully prepared",{"reason":1409,"points":61},"Bundled Freemius v1.0 library",{"reason":1411,"points":61},"Bundled DataTables library","2026-03-16T21:43:47.614Z",{"wat":1414,"direct":1425},{"assetPaths":1415,"generatorPatterns":1419,"scriptPaths":1420,"versionParams":1421},[1416,1417,1418],"\u002Fwp-content\u002Fplugins\u002Fwinterlock\u002Fadmin\u002Fcss\u002Fwinter-activity-log-admin.css","\u002Fwp-content\u002Fplugins\u002Fwinterlock\u002Fpublic\u002Fcss\u002Fwinter-activity-log-public.css","\u002Fwp-content\u002Fplugins\u002Fwinterlock\u002Fpublic\u002Fjs\u002Fwinter-activity-log-public.js",[],[1418],[1422,1423,1424],"winterlock\u002Fcss\u002Fwinter-activity-log-admin.css?ver=","winterlock\u002Fcss\u002Fwinter-activity-log-public.css?ver=","winterlock\u002Fjs\u002Fwinter-activity-log-public.js?ver=",{"cssClasses":1426,"htmlComments":1427,"htmlAttributes":1429,"restEndpoints":1430,"jsGlobals":1431,"shortcodeOutput":1432},[],[1428],"\u003C!-- TimeWinterLock: ",[],[],[],[],{"error":316,"url":1434,"statusCode":1435,"statusMessage":1436,"message":1436},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwinterlock\u002Fbundle",404,"no 
bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":1438},[1439,1446,1455,1464,1472,1482,1492],{"version":41,"download_url":1440,"svn_tag_url":1441,"released_at":39,"has_diff":60,"diff_files_changed":1442,"diff_lines":39,"trac_diff_url":1443,"vulnerabilities":1444,"is_current":60},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.7&new_path=%2Fwinterlock%2Ftags%2F1.2.8",[1445],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"version":1447,"download_url":1448,"svn_tag_url":1449,"released_at":39,"has_diff":60,"diff_files_changed":1450,"diff_lines":39,"trac_diff_url":1451,"vulnerabilities":1452,"is_current":60},"1.2.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.6&new_path=%2Fwinterlock%2Ftags%2F1.2.7",[1453,1454],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":1456,"download_url":1457,"svn_tag_url":1458,"released_at":39,"has_diff":60,"diff_files_changed":1459,"diff_lines":39,"trac_diff_url":1460,"vulnerabilities":1461,"is_current":60},"1.2.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.5&new_path=%2Fwinterlock%2Ftags%2F1.2.6",[1462,1463],{"id":71,"
url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":97,"download_url":1465,"svn_tag_url":1466,"released_at":39,"has_diff":60,"diff_files_changed":1467,"diff_lines":39,"trac_diff_url":1468,"vulnerabilities":1469,"is_current":60},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.4&new_path=%2Fwinterlock%2Ftags%2F1.2.5",[1470,1471],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":1473,"download_url":1474,"svn_tag_url":1475,"released_at":39,"has_diff":60,"diff_files_changed":1476,"diff_lines":39,"trac_diff_url":1477,"vulnerabilities":1478,"is_current":60},"1.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.3&new_path=%2Fwinterlock%2Ftags%2F1.2.4",[1479,1480,1481],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":92,"url_slug":93,"title":94,"severity":42,"cvss_score":43,"vuln_type":99,"patched_in_version":97},{"version":1483,"download_url":1484,"svn_tag_url":1485,"released_at":39,"has_diff":60,"diff_files_changed":1486,"diff_lines":39,"trac_diff_url":1487,"vulnerabilities":1488,"is_current":60},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplu
gin\u002Fwinterlock.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwinterlock%2Ftags%2F1.2.2&new_path=%2Fwinterlock%2Ftags%2F1.2.3",[1489,1490,1491],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":92,"url_slug":93,"title":94,"severity":42,"cvss_score":43,"vuln_type":99,"patched_in_version":97},{"version":1493,"download_url":1494,"svn_tag_url":1495,"released_at":39,"has_diff":60,"diff_files_changed":1496,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":1497,"is_current":60},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwinterlock.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwinterlock\u002Ftags\u002F1.2.2\u002F",[],[1498,1499,1500],{"id":71,"url_slug":72,"title":73,"severity":42,"cvss_score":76,"vuln_type":45,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":92,"url_slug":93,"title":94,"severity":42,"cvss_score":43,"vuln_type":99,"patched_in_version":97}]