Security Advisory

CVE-2025-13471

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 06:00:03
Last updated 2026-04-02 12:39:54
Assigner WPScan
State PUBLISHED

Description

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)