Product

CoreActivity: Activity Logging for WordPress Plugin <= 3.0

1 brief RSS

coreActivity: Activity Logging for WordPress Plugin Vulnerable to PHP Object Injection (CVE-2026-7635)

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection (CVE-2026-7635), allowing unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header, leading to a persistent Denial of Service condition.

coreActivity: Activity Logging for WordPress plugin <= 3.0 cve wordpress php object injection denial of service

2r 1t 1c 2h ago