CVE-2024-10788

7.2 HIGH

📋 TL;DR

The Activity Log plugin for WordPress has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into administrative pages. When administrators view affected pages, the scripts execute in their browser context. All WordPress sites using this plugin up to and including version 2.11.1 are affected.

💻 Affected Systems

Products:
  • Activity Log – Monitor & Record User Changes WordPress plugin
Versions: All versions up to and including 2.11.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as administrators (install backdoors, modify content), or redirect users to malicious sites.

🟠 Likely Case

Attackers inject tracking scripts, deface sites, or steal administrator credentials to gain persistent access.

🟢 If Mitigated

With proper input validation and output escaping, malicious scripts are neutralized before execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities are commonly exploited; unauthenticated access lowers the barrier.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/aryo-activity-log

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Activity Log' and click 'Update Now'.
4. Verify the version is 2.11.2 or higher.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate aryo-activity-log

Content Security Policy (applies to: all)

Implement CSP headers to restrict script execution sources.

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or use a WordPress CSP plugin.
Note that WordPress core and many plugins rely on inline scripts in wp-admin, so a policy without 'unsafe-inline' or nonces will break parts of the admin UI; test it on a staging site before enforcing it, or deploy it as Content-Security-Policy-Report-Only first.

🧯 If You Can't Patch

  • Restrict administrative access to trusted IP addresses only.
  • Monitor administrator activity logs for unusual behavior or script injections.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for 'Activity Log' version 2.11.1 or lower.

Check Version:

wp plugin get aryo-activity-log --field=version

Verify Fix Applied:

Confirm plugin version is 2.11.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual entries in activity logs with script tags or JavaScript code
  • Multiple failed login attempts followed by successful admin login

Network Indicators:

  • Outbound connections to unknown domains from admin sessions
  • Unexpected POST requests to plugin endpoints

SIEM Query:

source="wordpress" AND ((plugin="aryo-activity-log" AND version<="2.11.1") OR (event_description CONTAINS "<script>" OR event_description CONTAINS "javascript:"))

The outer parentheses matter: without them AND binds tighter than OR and the content clause matches events from any source. Also check how your SIEM compares version strings, since a plain string comparison treats "2.9.0" as greater than "2.11.1".
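The log indicators and SIEM query above look for script markup in stored log descriptions. The following Python script is an added example, not part of this advisory or the plugin, that implements that check over a constructed sample export; it decodes percent- and entity-encoding first so that encoded payloads are not missed. The record format and field names are assumptions, not the plugin's real schema.

```python
import html
import json
import re
from urllib.parse import unquote

# Constructed sample of activity-log records exported as newline-delimited JSON.
# Field names are illustrative, not the plugin's real schema.
SAMPLE_LOG = """
{"id": 1, "action": "updated", "object_type": "Post", "description": "Post 'Hello world' updated"}
{"id": 2, "action": "failed_login", "object_type": "User", "description": "Failed login for user admin<script>alert(1)</script>"}
{"id": 3, "action": "comment", "object_type": "Comments", "description": "New comment: <a href='javascript:alert(1)'>click</a>"}
{"id": 4, "action": "updated", "object_type": "Post", "description": "Title changed to &lt;img src=x onerror=alert(1)&gt;"}
{"id": 5, "action": "login", "object_type": "User", "description": "User editor logged in"}
"""

# Markup that should never appear in a log description rendered into an admin page.
SUSPICIOUS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("event_handler", re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I)),
    ("embed_tag", re.compile(r"<\s*(iframe|object|embed|svg)\b", re.I)),
]


def normalize(text: str) -> str:
    """Undo percent- and entity-encoding (two layers) so that encoded markup,
    which the browser would decode on render, is still matched."""
    for _ in range(2):
        text = html.unescape(unquote(text))
    return text


def scan_entry(entry: dict) -> list[str]:
    """Return the names of the indicators found in one log record."""
    text = normalize(str(entry.get("description", "")))
    return [name for name, rx in SUSPICIOUS if rx.search(text)]


def scan_log(ndjson: str) -> dict[int, list[str]]:
    """Map record id -> matched indicators, for every record that matches."""
    hits = {}
    for line in ndjson.strip().splitlines():
        entry = json.loads(line)
        found = scan_entry(entry)
        if found:
            hits[entry["id"]] = found
    return hits


if __name__ == "__main__":
    for entry_id, found in scan_log(SAMPLE_LOG).items():
        print(f"record {entry_id}: {', '.join(found)}")
```

Feed it a real export of the plugin's log table to triage entries before they are opened in the dashboard on an unpatched site.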
