Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

CVE-2022-40206: wpForo Forum

Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.

Homepage | Documentation | Support | Demo | Premium Version

**Google Analytics Dashboard**

**Google Analytics Dashboard Plugin for WordPress** – by Analytify makes **Google Analytics** simple for everyone using WordPress. We know how important it is to keep track of website analytics.

Analytify allows you to present the statistics from Google Analytics in a beautiful and useful manner. The integration is super simple and does not require the help of a developer to set up the integration. Once you integrate Google Analytics in WordPress using Analytify, you will be able to view the dashboard both at the front end and the backend.

Unlike other WordPress analytics plugins, Analytify brings a lot of actionable data in a single view at the dashboard. The Free version will let you view statistics like Visitors, Page views, New vs Returning Visitors, Top Pages, Geographic data, and much more.

The best part about Analytify is that it lets you view page-level statistics like views, users, bounce rate, average time on the page while being logged in the Admin panel of your WordPress website.

The premium version of this WordPress plugin is built to leverage the power of website analytics to let you know how people find and use your website.

Now you can get Google Analytics Dashboard inside your WordPress Dashboard with just a few clicks. Our goal at Analytify is pretty simple, to make data Analytics fun In WordPress.

Analytify is one of the few WordPress analytics plugins, which is the Google Analytics Technology Partner. This means our plugin is carefully tested and vetted to make sure you get the kind of support you need to be successful.

**Analytify 4.0 is here! Discover Google Analytics Like Never Before! Must check those stunning Screenshots!**

**ANALYTIFY PRO VERSION:**

> This is the free version of Analytify, there is a Premium version that comes with basic plus advanced features to help you get Google Analytics in WordPress. The Pro version is more easy to install, and shows **Real-Time Stats**, **Campaign Stats**, **ShortCodes**, **Front-end Stats** and more reports in backend and front-end. Also the premium version has better ecommerce tracking (Buy Add-ons with premium), and campaigns management. Get the affordable Premium Version from analytify.io . Bundle price is also available with Addons.

**ANALYTIFY IS A MULTILINGUAL PLUGIN, AVAILABLE IN THE FOLLOWING LANGUAGES**

The plugin is fully available in French, Turkish and Hungarian languages. However Dutch, German and Russian are just about to be fully translated. We are working hard to make sure the plugin is fully available in all the mentioned languages.

*   French 100%
*   Turkish 100%
*   Hungarian 100%
*   Dutch 96%
*   German 96%
*   Russian 82%
*   Norwegian 79%
*   Spanish 50%

> 100% Multilingual, Translatable and WPML Compatible

**INSTALLATION PROCESS OF ANALYTIFY WORDPRESS ANALYTICS PLUGIN**

Connect your WordPress site with Google Analytics with 1-Click Authentication process and It add Google Analytics tracking code to your WordPress website without the help of a developer.

> It is highly recommended by Google Analytics Team to use your own Custom API keys. You need to create a Project in Google Console.  
> Here is a short Video guide to get your own ClientID, Client Secret and Redirect URL. Add these API Keys in Advanced Tab before connecting Analytify with Google Analytics.

**TOP FEATURES OF THIS GOOGLE ANALYTICS PLUGIN FOR WORDPRESS**

Enhanced eCommerce Google analytics Tracking Add-ons for WooCommerce

Ecommerce tracking is a tricky process and requires the time and help of a developer to properly set up events and tracking. Analytify allows solid integration with WooCommerce to ensure you do not miss out on important eCommerce data of your business. It allows you to track product clicks, impressions, add to cart clicks, product performance, and much more right in your WordPress dashboard. The report also generates key insights on following factors:

*   Average Order Value
*   Transaction Revenues
*   Total Transactions
*   Products removed from the cart

Enhanced eCommerce Tracking for Easy Digital Downloads

Analytify’s addon for Easy Digital Downloads, lets you track digital sales, transactions, and revenue. We have made sure to sync the addon with Google Analytics for Easy Digital Downloads so that you can keep a close eye on the entire shopping behavior funnel of your website.

Geographical Data

The geographic data in the analytics report presents a beautiful visualization with the list of every country and city bringing traffic to your website. The low to high scale on the map makes it easy to identify the top traffic countries. You can easily identify those countries by hovering the mouse over the map.

Social Media Statistics in WordPress

Social media is a powerful source of traffic, and our plugin lets you know the effectiveness of your social media efforts inside your WordPress dashboard.

Real-Time Reporting

You must have seen real-time data in Google Analytics. But that nifty feature can be shown in your WordPress dashboard by connecting your WordPress site with Analytify.

Helps with Search Engine Optimization

Analytify lets you see traffic data for individual blog posts and pages, this keeps you aware of your top-performing content and allows you to take actionable steps.

Automated Email Reports

If you are an agency, or a business owner with multiple websites then our automated email reporting will come very handy for you. You can send individual post stats directly to your client by simply clicking “Send Email” within the dashboard.

Google Analytics System Stats Report

In the Analytify plugin, users can also view System stats report that includes how many visitors are coming from which platforms which include Operating systems, Browsers, and Mobile devices statistics.

Google Analytics Report for Goals

In the Analytify dashboard, you can also view your goals report that includes Goal Completions, Goals Value, Goals Conversion rate, Page per session, and Pages. The dashboard is further extended to show traffic sources and the goal completion from those sources.

Frontend Tracking Reports ShortCodes

If you want to show your stats to your user on the frontend side of your website or any post, you can easily do that. As Analytify provides you this amazing option by using shortcodes you can integrate tracking on your post or page for your users of visitors by adding shortcodes.

**GDPR Compatible Plugins**

*   CookieYes
*   Cookie Notice & Compliance.

**OTHER FEATURES YOU CAN GET BY CONNECTING YOUR SITE WITH GOOGLE ANALYTICS PLUGIN FOR WORDPRESS**

*   List of top Referrers Browsers
*   List of top Referrers
*   Mobile device Statistics
*   See What’s happening when users come to your site (Bounce rate of top pages)
*   It can be easily customizable with CSS, you can give it any shape you want.
*   You can extend it to any level. Usage of API’s are very easy to work with.
*   General Statistics (Sessions, Users, Bounce rate, Average time on site, Average pages, Pageviews, New/Returning Visitors)
*   How people are finding you (TOP KEYWORDS)
*   \[New\] Dashboard dropdown menu now remembers your last selection of time period.

PREMIUM FEATURES

*   Campaigns Statistics
*   Events Tracking
*   Google AMP
*   Google Optimize
*   Forms Tracking
*   Custom Dimensions
*   Use ShortCodes in Widgets
*   Google Analytics Stats (Full) under the single posts,pages & Custom Post Types as a block in wp-admin
*   ShortCodes (Simple and Advanced) for Custom Statistics of your own choice

WooCommerce Enhanced eCommerce tracking and report dashboard right inside your WordPress is now available. Take a look.

Following are the important add-ons which empower you to set up Google Analytics like a boss. It really helps your clients, online stores, etc.

*   Google Analytics Goals Dashboard
*   Google Analytics eCommerce Tracking for WooCommerce
*   Google Analytics eCommerce Tracking for Easy Digital Downloads
*   Automated Email Notifications
*   Google Analytics Campaigns Tracking
*   \[Free\] Google Analytics Dashboard Widget

FOLLOWING IS A COMPLETE HIERARCHY STRUCTURE OF ANALYTIFY PRODUCTS SUITE

*   Analytify Core (Free and Required for all add-ons)
    *   Dashboard widget (Free) Google Analytics Widget in your WordPress Dashboard.
    *   Analytify Pro (Paid)
        *   Campaign Tracking (Paid)
        *   Email Notifications (Paid)
        *   Google Analytics Goals Tracking and Dashboard (Paid)
        *   Google Analytics Forms Tracking and Dashboard (Paid)
        *   Google Analytics Authors Tracking and Dashboard (Paid)
        *   Enhanced Ecommerce Google Analytics Tracking for WooCommerce (Paid)
        *   Enhanced Ecommerce Google Analytics Tracking for Easy Digital Downloads (Paid)

It is highly recommended by Google Analytics Team to use your own Custom API keys. You need to create a Project in Google Console.

Here is a short Video guide or a tutorial to get your own ClientID, Client Secret and Redirect URL. Add these API Keys in Advanced Tab before connecting Analytify with Google Analytics.

> This Google analytics plugin is also available on github and ready to take bugs and pull requests. For Support, you can buy the **PRO version**, this will give access to premium updates, support and features.

**Notes**

Analytify is the best Google Analytics plugin for WordPress. We make Google Analytics look EASY. You know all about Google Analytics and love the data it provides, but wouldn’t it be nice if there is a tool to make managing all of that complex information simpler?

You’re in luck.

Google Analytics Was Never This Fun In WordPress before.

Following is a list of Testimonials you must read them once.

Testimonial # 1

**Great way to understand your audience**

I’ve been using the Pro version for quite a while. I really love how it gives me in-depth information about each individual post. That kind of info is hard to navigate to in Google Analytics even if you’re relatively familiar with it already. I discovered all kinds of new things about how people land on my site and how they engage with it just by activating the plugin and looking at the information it provides in the Dashboard and on individual posts.

The author is also an official Google analytics Partner, which I think speaks volumes. Well done all around, highly recommended!

Testimonial # 2

**Best Google Analytics Plugin**

This is something that clients really love as they of course want to see traffic to their site. However many do not want to log into google analytics and work their way through its rather complicated reporting modules. This gives all the headline stuff and more. What’s really neat is that it does it for every single page as well. So you can really see what’s going on for a particular post. So a google search for X led to this page. It also has great realtime reporting for the paid version. I had one small issue and the developer responded and addressed it immediately. Very impressed. It’s become a default plugin.

Testimonial # 3

**Excellent Integrations with Google Analytics**

Many of my clients don’t want to view analytics outside their dashboard. This plugin integrates GA beautifully within the WordPress admin panel. I suggest you give it a spin. The developers are also very nice and dedicated to the plugin, which goes a long way.

Testimonial # 4

**Outstanding support and product**

Besides thinking the plugin is wonderful, I am equally impressed with the support team. I had issues and they emailed back and forth to resolve my issues and even update the plugin for me. I highly recommend this plugin which has been very beneficial to my analytics, but just as important, I appreciate the support in resolving my issue in a very timely manner.

You may buy the premium version to support the development.

https://analytify.io/details

CVE-2022-38137: Analytify – Google Analytics Dashboard For WordPress

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.

 Verified

 Fixed

**4.3**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 3.3.2

PSID 

a89cac7d4579

Classification 

Cross Site Request Forgery (CSRF)

OWASP Top 10 

A5: Broken Access Control

Publicly disclosed

2022-10-20

**Details**

Cross-Site Request Forgery (CSRF) vulnerability leading to export file download discovered by Lana Codes (Patchstack Alliance) in WordPress Advanced Order Export For WooCommerce plugin (versions <= 3.3.2).

**Solution**

Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version (at least 3.3.3).

**References**

CVE-2022-40128: WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.

 Verified

 Fixed

**5.4**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 2.0.5

PSID 

08dbfd18875b

Classification 

Insecure Direct Object References (IDOR)

OWASP Top 10 

A5: Broken Access Control

Required privilege 

Requires subscriber or higher role user authentication.

Publicly disclosed

2022-09-26

**Details**

Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Solved/Unsolved was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin (versions <= 2.0.5).

**Solution**

Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6).

**References**

CVE-2022-40205: WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

 Verified

 Fixed

**4.8**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.31.1

PSID 

f310fa25f34a

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires high role user authentication like admin.

Publicly disclosed

2022-09-28

**Details**

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Ads – Ad Manager & AdSense plugin (versions <= 1.31.1).

**Solution**

Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version (at least 1.32.0).

**References**

CVE-2022-32776: WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.



**Solution**

 Fixed

Update the WordPress Activity Log plugin to the latest available version (at least 2.8.4).

Universe discovered and reported this CSV Injection vulnerability in WordPress Activity Log Plugin. This could allow a malicious actor to craft malicious formulas to then exploit vulnerabilities in the spreadsheet software or to execute commands to gain access to the victim';s PC. This vulnerability has been fixed in version 2.8.4.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-27858: WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability - Patchstack

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**A COMPLETE, EASY TO USE & WELL SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN**

Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website. the Activity Log plugin is like an airplane’s black box that logs every activity in WordPress admin, and lets you see exactly what users are doing on your WordPress website.

*   Like, if someone is trying to hack your site.
*   Or, when a post was published, and who published it.
*   Or, if a plugin/theme was activated/deactivated.
*   Log suspicious admin activity.
*   Securing your site by tracking log of all user activity?

Useful, right? Trust us, you won’t understand how you managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn’t affect site and admin performance. For optimal performance, we built the plugin so it runs on a separate table in the database.

If you have tens of users or more, you really can’t know who did what. This plugin tries to solve this issue by tracking what users do, and displaying it in an easy to use and easy to filter view on the dashboard of your WordPress site.

**Export to CSV** Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.

**Data Privacy and GDPR Compliance** We provide the tools to help you be GDPR compliant, including Export/Erasure of data via the WordPress Privacy Tools.

**With the Activity Log you can record:**

*   **WordPress** – Core Updates
*   **Posts** – Created, Updated, Deleted
*   **Pages** – Created, Updated, Deleted
*   **Custom Post Type** – Created, Updated, Deleted
*   **Tags** – Created, Edited, Deleted
*   **Categories** – Created, Edited, Deleted
*   **Taxonomies** – Created, Edited, Deleted
*   **Comments** – Created, Approved, Unproved, Trashed, Untrashed, Spammed, Unspammed, Deleted
*   **Media** – Uploaded, Edited, Deleted
*   **Users** – Login, Logout, Login has failed, Update profile, Registered and Deleted
*   **Plugins** – Installed, Updated, Activated, Deactivated, Changed
*   **Themes** – Installed, Updated, Deleted, Activated, Changed (Editor and Customizer)
*   **Widgets** – Added to a sidebar / Deleted from a sidebar, Order widgets
*   **Menus** – A menu is being Created, Updated, Deleted
*   **Setting** – General, Writing, Reading, Discussion, Media, Permalinks
*   **Options** – Can be extend by east filter
*   **Export** – User download export file from the site
*   **WooCommerce** – Monitor all shop settings and options
*   **bbPress** – Forums, Topics, Replies, Taxonomies and other actions
*   There’s more, but you get the point…

**What people are saying**

*   _“Best 10 Free WordPress Plugins of the Month – July 2014: Keeping tabs on what your users do with their access to the Dashboard”_ – ManageWp.com
*   _“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack”_ – artdriver.com
*   _“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server.”_ – freshtechtips.com
*   _“The plugin successful for activity log for WordPress.”_ – wp-tricks.co.il
*   _“This is a pretty simple yet quite effective plugin for keeping track of what your admins and users do on your sites.”_ – shadowdragonunlimited.com
*   _“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup.”_ – elegantthemes.com

**Translators:**

*   German (de\_DE) – Robert Harm
*   Dutch (nl\_NL) – Tom Aalbers
*   Serbo-Croatian (sr\_RS) – Borisa Djuraskovic
*   Danish (da\_DK) – Morten Dalgaard Johansen
*   Hebrew (he\_IL) + RTL Support – Pojo.me
*   Armenia (hy\_AM) – Hayk Jomardyan
*   Brazilian Portuguese (pt\_BR) – Criação de Sites
*   Turkish (tr\_TR) – Ahmet Kolcu
*   Persian (fa\_IR) – Promising
*   Russian (ru\_RU) – Oleg Reznikov
*   Polish (pl\_PL) – Maciej Gryniuk
*   Czech (cs\_CZ) – Martin Kokeš
*   Finnish (fi) – Nazq

The plugin does not require any kind of setup. It works out of the box (and that’s another reason people love it).

We’re planning to add a lot more features in the upcoming releases. If you think we’re missing something big time, please post your suggestions in the plugin’s forum.

**Contributions:**

Would you like to like to contribute to Activity Log? You are more than welcome to submit your pull requests on the GitHub repo. Also, if you have any notes about the code, please open a ticket on the issue tracker.

1.  Upload plugin files to your plugins folder, or install using WordPress’ built-in Add New Plugin installer
2.  Activate the plugin
3.  Go to the plugin page (under Dashboard > Activity Log)

**Requirements**

*   **Requires PHP5** for list management functionality.

**What is the plugin license?**

*   This plugin is released under a GPL license.

**Can I export logs?**

*   You can easily export logs with Activity Log. We also support exporting filtered results. Filter by the time the action took place, roles, users, options, action type, and more.

A really simple activity log, easy to use. The UI is intuitive and search feature is nice. There aren't a lot of options or feature but it does what I need it to, and it's free.

This is one of simple, easy to use plugin and, never broke or had any issue despite being free. This plugin really helps to find out the unauthorized and malicious activity with ease. I really appreciate the good work. Thank you so much.

Love it! Have it installed on about ~300 sites, no issues except one site that was getting slammed with spam login attempts and the log grew to big to quick but ultimately this plugin helped identify the need to restrict the login url.

An earlier review reported failure to activate and impossible to delete: I suspect that those issues were caused by an out-of-date WordPress and PHP installation. I upgraded and the plug-in does what it says it does.

It saved one of my client's project requests. Simple, intuitive and it even exports information as CSV! Thank you developers! 🙂

Very good plug-in never had any issue, I installed in 5 websites so far and no problem.

Read all 67 reviews

“Activity Log” is open source software. The following people have contributed to this plugin.

Contributors

**2.8.4 – 2022-09-04**

*   Tweak: Added Activity Log setting to records log
*   Tweak: Added encoded value in CSV file (#165)

**2.8.3 – 2022-03-09**

*   Tweak: Run Clear old items from DB once daily to avoid unexpected errors (#156)

**2.8.2 – 2022-01-25**

*   Fix: Auto-updates of core, plugins and themes are not registered to the log (#155, props @nicomollet)

**2.8.1 – 2021-12-01**

*   Fix: Activity log database table not being dropped after deleting the plugin in multisite installation

**2.8.0 – 2021-11-17**

*   New: Added Privacy Settings to records log
*   New: Added Site Language to records log
*   New: Added a filter link to Topic, IP, Date, User and Action in the log table screen
*   Tweak: Aligned Topics to be in plural instead of singular
*   Fix: Filter by users dropdown on activity page threw a timeout error in some cases (#141)
*   Fix: CSV Export issue with comma separated values (Topic)

**2.7.0 – 2021-05-06**

*   New: Added an option to skip or keep the failed login logs for better optimization (#125)
*   Tweak: Improved the activity log table with clear labels and re-order columns for better UX
*   Tweak: Changed the wrong\_password action to failed\_login in User topic
*   Tweak: Changed the added action to uploaded in Attachment topic
*   Tweak: Changed the created action to registered in User topic
*   Fix: Add input sanitization to avoid security issues

**2.6.1 – 2021-02-15**

*   Fix: Conflict with WooCommerce while you using new block editor

**2.6.0 – 2020-10-19**

*   Tweak: Added support for CloudFlare and CloudFlare Enterprise client IP header (#133)
*   Tweak: Added browser confirmation to Reset Database option
*   Tweak: Notification tab is now deprecated for new installations
*   Tweak: Added support for displaying custom role activity log (#78, #135, Topic, Topic)
*   Fix: Show user data on log-out action (#126, Topic)
*   Fix: Removed unused help context in admin to resolve deprecated WP error (Topic)
*   Fix: PHP Notices are thrown when Debug mode is active (Topic)
*   Fix: Resolve jQuery Deprecation Notice and compatibility with WordPress 5.6+ (Topic)

**2.5.2**

*   Fix: Conflict with Elementor and WordPress Widgets

**2.5.1**

*   Fix! – PHP < 5.4 compatibility (Topic)

**2.5.0**

*   New! Added log to Export Personal Data tool for better GDPR Compliance (Topic)

**2.4.1**

*   Fix! – Escape title before saving to database

**2.4.0**

*   New! Export your Activity Log data records to CSV (#70)

**2.3.6**

*   Fix! – Admin table filters

**2.3.5**

*   Fix! – Added comparability for WordPress 4.8.2 & 4.7.6

**2.3.4**

*   Tweak! – Change Guest user to “N/A”

**2.3.3**

*   Fixed! – Minor XSS vulnerability, credit to Han Sahin

**2.3.2**

*   Fixed! – Minor XSS vulnerability, credit to Han Sahin

**2.3.1**

*   Tweak! – Added seconds in time column
*   Tweak! – Rearrange filters in list table

**2.3.0**

*   Tweak! – All translates moved to GlotPress
*   Tweak! – Added restore status for Posts (#46)
*   Tweak! – A11y changes for WordPress 4.4 which requires h1 tags (#84)
*   Tweak! – Allow some ajax requests just for admin

**2.2.12**

*   Tested up to WordPress v4.5

**2.2.11**

*   Tweak! – Temporarily remove Freemius SDK from the plugin

**2.2.10**

*   Tweak! Update Freemius SDK
*   Tested up to WordPress v4.4.2

**2.2.9**

*   Tweak! Update Freemius SDK

**2.2.8**

*   Tweak! Update Freemius SDK

**2.2.7**

*   Added! – Freemius Insights platform to improve plugin UX
*   Tweak! Update translate: Russian (ru\_RU) – Thanks to Oleg Reznikov
*   Tested up to WordPress v4.4

**2.2.6**

*   Tweak! – Added sort by IP address (#77)
*   Tweak! – Added more actions/types in notification

**2.2.5**

*   New! – Added translate: Finnish (fi) – Thanks to Nazq (topic)
*   Tweak! – Better actions label in list table
*   Fixed! – Notice php warring in MU delete site
*   Tested up to WordPress v4.3

**2.2.4**

*   New! – Added translate: Czech (cs\_CZ) – Thanks to Martin Kokeš (#76)

**2.2.3**

*   Tweak! – Added more filters in table list columns

**2.2.2**

*   Fixed! some PHP strict standards (PHP v5.4+)

**2.2.1**

*   Fixes from prev release

**2.2.0**

*   New! – Adds search box, to allow users to search the description field.
*   New! – Allows users to now filter by action
*   New! – Added translate: Polish (pl\_PL) – Thanks to Maciej Gryniuk
*   Tweak! – SQL Optimizations for larger sites

**2.1.16**

*   New! Added translate: Russian (ru\_RU) – Thanks to Oleg Reznikov
*   Fixes Undefined property with some 3td party themes/plugins
*   Tested up to WordPress v4.2

**2.1.15**

*   Tested up to WordPress v4.1
*   Change plugin name to “Activity Log”

**2.1.14**

*   New! Added translate: Persian (fa\_IR) – Thanks to Promising

**2.1.13**

*   New! Added filter by User Roles (#67)

**2.1.12**

*   New! Added translate: Turkish (tr\_TR) – Thanks to Ahmet Kolcu

**2.1.11**

*   Fixed! Compatible for old WP version

**2.1.10**

*   New! Now tracking when menus created and deleted
*   New! Added translate: Portuguese (pt\_BR) – Thanks to Criação de Sites

**2.1.9**

*   New! Store all WooCommerce settings (#62)
*   Tested up to WordPress v4.0

**2.1.8**

*   New! Now tracking when plugins installed and updated (#59 and #43)

**2.1.7**

*   New! Now tracking when user download export file from the site (#58 and #63)

**2.1.6**

*   Tested up to WordPress v3.9.2

**2.1.5**

*   New! Now tracking when theme installed, updated, deleted (#44)

**2.1.4**

*   Fixed! Store real IP address in Proxy too (#53)

**2.1.3**

*   New! Added translate: Dutch (nl\_NL) – Thanks to Tom Aalbers (#55)

**2.1.2**

*   Tweak! Update translate: Hebrew (he\_IL)

**2.1.1**

*   New! Track about WordPress core update (manual or auto-updated) (#41)
*   New! Track post comments (created, approved, unproved, trashed, untrashed, spammed, unspammed, deleted) (#42)

**2.1.0**

*   New! Personally-tailored notifications that can be triggered by various types of events, users and action type (currently only email notifications are supported)
*   Bug fixes, stability improvements
*   Fixed an error that occurred on PHP 5.5

**2.0.7**

*   Tested up to WordPress v3.9.0

**2.0.6**

*   Fixed! Random fatal error (topic)

**2.0.5**

*   New! Register aal_init_caps filter.
*   Tweak! Change all methods to non-static.
*   Tweak! Some improved coding standards and PHPDoc.
*   Tweak! Split AAL_Hooks class to multiple classes.
*   New! Added translate: Armenia (hy\_AM) – Thanks to Hayk Jomardyan.

**2.0.4**

*   Tweak! Don’t allowed to access in direct files.
*   New! Added translate: Danish (da\_DK) – Thanks to Morten Dalgaard Johansen

**2.0.3**

*   New! Record when widgets change orders.

**2.0.2**

*   New! Save more Options:
*   General
*   Writing
*   Reading
*   Discussion
*   Media
*   Permalinks

**2.0.1**

*   New! filter for disable erase all the log
*   Bugs fixed

**2.0.0**

*   Added Screen Options
*   New! Ability to select a number of activity items per page
*   New! Columns are now sortable
*   Added filter by date – All Time, Today, Yesterday, Week, Month
*   Added Avatar to author
*   Added role for author
*   Added log for activeted theme
*   Re-order Culoumns
*   Compatible up to 3.8.1
*   Settings page is now accessible directly from Activity Log’s menu
*   Keep your log for any time your wants
*   Delete Log Activities from Database.
*   Bugs fixed

**1.0.8**

*   Added translate: Serbo-Croatian (sr\_RS) – Thanks to Borisa Djuraskovic.

**1.0.7**

*   Added ‘view\_all\_aryo\_activity\_log’ user capability (topic).

**1.0.6**

*   Added WooCommerce integration (very basic).
*   Added Settings link in plugins page.

**1.0.5**

*   Fix – Make sure no save double lines (menu taxonomy / post).

**1.0.4**

*   Added Taxonomy type (created, updated, deleted).

**1.0.3**

*   Added Multisite compatibility.
*   Added Options hooks (limit list, you can extend by simple filter).
*   Added Menu hooks.
*   Tweak – Ensure no duplicate logs..

**1.0.2**

*   Forget remove old .pot file

**1.0.1**

*   Added translate: German (de\_DE) – Thanks to Robert Harm
*   Added translate: Hebrew (he\_IL)
*   Plugin name instead of file name on activation/deactivation
*   **New Hooks:**
*   A widget is being deleted from a sidebar
*   A plugin is being changed
*   Theme Customizer (Thanks to Ohad Raz)

**1.0**

*   Blastoff!

CVE-2022-27858: Activity Log

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP

CVE-2022-3537

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog

CVE-2022-3536

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

Tag

#wordpress