CVE-2026-45435: WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability
Published May 25, 2026
·Updated
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3.
Affected Software
1 affected component
Melapress WP Activity Log<=5.6.3
Remediation
Information
Update the WordPress WP Activity Log Plugin to the latest available version (at least 5.6.3.1).
Event History
May 25, 2026
CVE Published
via MITRE·10:28 PM
Data Sourced
via MITRE·10:28 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-45435?
CVE-2026-45435 has a medium severity rating of 6.5.
2
How do I fix CVE-2026-45435?
To fix CVE-2026-45435, update the WordPress WP Activity Log plugin to at least version 5.6.3.1.
3
What type of vulnerability is CVE-2026-45435?
CVE-2026-45435 is classified as a Cross-Site Scripting (XSS) vulnerability.
4
Which versions of the WP Activity Log plugin are affected by CVE-2026-45435?
CVE-2026-45435 affects all versions of WP Activity Log from n/a through 5.6.3.
5
What impact does CVE-2026-45435 have on users?
CVE-2026-45435 can lead to DOM-Based XSS, allowing attackers to execute malicious scripts in the context of user sessions.