CVE-2026-42673

HIGH

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

Title source: cna

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/logtivity/vulnerability/wordpress-activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-plugin-3-3-6-sensitive-data-exposure-vulnerability?_s_id=cve

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 15.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-201

Status published

Products (1)

Logtivity Activity Logs/Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity < 3.3.6

Published Jun 01, 2026

Tracked Since Jun 01, 2026