PatchSiren

Melapress CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Melapress CVE published 2026-06-17

CVE-2026-54806

CVE-2026-54806 is a critical Unauthenticated PHP Object Injection vulnerability in the WP Activity Log plugin versions <= 5.6.3.1. The vulnerability has a CVSS score of 9.8 and is considered critical. The CVE record was published on 2026-06-17T13:20:51.727Z and has not been modified since then. This vulnerability allows attackers to inject malicious PHP objects, potentially leading to code execution, data [truncated]

MEDIUM Melapress CVE published 2026-05-25

CVE-2026-45435

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the WP Activity Log plugin for WordPress, affecting versions up to and including 5.6.3. The vulnerability stems from improper neutralization of input during web page generation, allowing an attacker with low privileges to inject malicious scripts that execute in a victim's browser. The CVSS 3.1 score of 6.5 (Medium) reflects network attack vec [truncated]