Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by Logtivity Activity Logs

CVE-2026-42673 (GCVE-0-2026-42673)

Vulnerability from cvelistv5 – Published: 2026-06-01 15:24 – Updated: 2026-06-01 17:06 X_Open Source

Title

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

Summary

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-201 - Insertion of Sensitive Information Into Sent Data

Assigner

Patchstack

References

1 reference

URL	Tags
https://patchstack.com/database/wordpress/plugin/…	vdb-entry

Impacted products

1 product

Vendor	Product	Version
Logtivity Activity Logs	Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity	Affected: n/a , ≤ 3.3.6 (custom)

Credits

Peng Zhou | Patchstack Bug Bounty Program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T17:01:50.368753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T17:06:40.773Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "logtivity",
          "product": "Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity",
          "vendor": "Logtivity Activity Logs",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.3.7",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.3.6",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Peng Zhou | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T15:24:05.488Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/logtivity/vulnerability/wordpress-activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-plugin-3-3-6-sensitive-data-exposure-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Plugin to the latest available version (at least 3.3.7)."
            }
          ],
          "value": "Update the WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Plugin to the latest available version (at least 3.3.7)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin \u003c= 3.3.6 - Sensitive Data Exposure vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-42673",
    "datePublished": "2026-06-01T15:24:05.488Z",
    "dateReserved": "2026-04-29T09:04:52.624Z",
    "dateUpdated": "2026-06-01T17:06:40.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}