Vulnerabilities ›

CVE-2025-11877

High

User Activity Log Plugin Authentication Bypass Allows Unauthorized Site Options Modification

CWE-862 — Weakness Type

                    Published: Jan 7, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for unauthenticated attackers to push select site options from 0 to a non-zero value, allowing them to reopen registration or corrupt options like 'wp_user_roles', breaking wp-admin access.

🤖 AI Executive Summary

The User Activity Log plugin versions up to 2.2 lacks capability checks in the failed-login handler, allowing unauthenticated attackers to modify WordPress site options. This vulnerability enables attackers to reopen user registration or corrupt critical options, potentially disrupting administrative access.

📄 Description (Arabic)

يفتقر مكون User Activity Log إلى فحوصات الصلاحيات في معالج تسجيل الدخول الفاشل، مما يسمح للمهاجمين غير المصرح لهم بتعديل خيارات موقع WordPress. يمكن للمهاجمين إعادة فتح تسجيل المستخدمين أو إفساد الخيارات الحرجة مثل wp_user_roles.

🤖 ملخص تنفيذي (AI)

User Activity Log plugin versions up to 2.2 has a capability check vulnerability in the failed-login handler that allows unauthenticated attackers to modify WordPress site options. Attackers can reopen user registration or corrupt critical options like wp_user_roles, disrupting admin access.

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 17:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1078 T1098

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update the User Activity Log plugin to version 2.3 or later immediately. Implement Web Application Firewall (WAF) rules to block suspicious option update requests. Restrict WordPress registration settings and monitor failed login attempts for anomalous patterns.

🔧 خطوات المعالجة (العربية)

قم بتحديث مكون User Activity Log إلى الإصدار 2.3 أو أحدث فوراً. طبّق قواعد جدار حماية تطبيقات الويب لحجب طلبات تحديث الخيارات المريبة. قيّد إعدادات تسجيل WordPress ومراقبة محاولات تسجيل الدخول الفاشلة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.2.1

🔵 SAMA CSF

AC-2 AC-3

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3

🔗 References & Sources 2

🔗

https://plugins.trac.wordpress.org/browser/user-activity-log/trunk/user-functions.php

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/24225f47-cec2-4270-88f0-8696e...

security@wordfence.com

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-862

EPSS0.03%

Exploit No

Patch ✓ Yes

Published 2026-01-07

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-862

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-11877

💬 Comments

Introduce Yourself

Sign In Required