Deserialization in Melapress WP Activity Log
CVE-2025-0767
WP Activity Log 5.3.2 was found to be vulnerable to insecure deserialization. Unvalidated user input is passed directly to an unserialize call in myapp/classes/Writers/class-csv-writer.php.
Vulnerability class: Insecure Deserialization
EPSS: 0.002 (43.6th percentile)
Affected products
- Melapress WP Activity Log — version 5.3.2
Weakness classification (CWE)
References
- fluidattacks.com/advisories/skims-9/ (third-party-advisory)
- co.wordpress.org/plugins/wp-security-audit-log/ (product)