Security Advisory
CVE-2025-13471
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)