MEDIUM
Melapress
CVE published 2026-05-25
CVE-2026-45435
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the WP Activity Log plugin for WordPress, affecting versions up to and including 5.6.3. The vulnerability stems from improper neutralization of input during web page generation, allowing an attacker with low privileges to inject malicious scripts that execute in a victim's browser. The CVSS 3.1 score of 6.5 (Medium) reflects network attack vec [truncated]