PatchSiren cyber security CVE debrief
CVE-2026-39581 activity-log.com CVE debrief
A high-severity SQL injection vulnerability was discovered in the WP Sessions Time Monitoring Full Automatic plugin, versions 1.1.4 and below. Tracked as CVE-2026-39581, it allows subscribers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation.
- Vendor: activity-log.com
- Product: WP Sessions Time Monitoring Full Automatic
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Users of the WP Sessions Time Monitoring Full Automatic plugin, versions 1.1.4 and below, should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability exists due to inadequate input sanitization, allowing subscribers to execute arbitrary SQL queries. The CVSS score for this vulnerability is 8.5, indicating a high severity level.
Defensive priority
HIGH
Recommended defensive actions
- Apply the latest patch or update for the WP Sessions Time Monitoring Full Automatic plugin.
- Restrict subscriber privileges to minimize potential damage.
- Monitor plugin logs for suspicious activity.
Evidence notes
Evidence of this vulnerability was provided by Patchstack, as referenced in the CVE record.
Official resources
- CVE-2026-39581 CVE record (CVE.org)
- CVE-2026-39581 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-39581 was published on 2026-06-16T10:16:27.357Z and has not been modified since.