CVE-2025-13471

Publication date

2026-01-28 06:00:03

Family

WPScan

State

PUBLISHED

Description

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)