{"api_version":"1","generated_at":"2026-06-04T01:00:31+00:00","cve":"CVE-2026-42673","urls":{"html":"https://cve.report/CVE-2026-42673","api":"https://cve.report/api/cve/CVE-2026-42673.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-42673","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-42673"},"summary":{"title":"WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability","description":"Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.","state":"PUBLISHED","assigner":"Patchstack","published_at":"2026-06-01 17:16:59","updated_at":"2026-06-01 17:57:16"},"problem_types":["CWE-201","CWE-201 CWE-201 Insertion of Sensitive Information Into Sent Data"],"metrics":[{"version":"3.1","source":"audit@patchstack.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/logtivity/vulnerability/wordpress-activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-plugin-3-3-6-sensitive-data-exposure-vulnerability?_s_id=cve","name":"https://patchstack.com/database/wordpress/plugin/logtivity/vulnerability/wordpress-activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-plugin-3-3-6-sensitive-data-exposure-vulnerability?_s_id=cve","refsource":"audit@patchstack.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-42673","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42673","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Logtivity Activity Logs","product":"Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity","version":"affected n/a 3.3.6 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update the WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Plugin to the latest available version (at least 3.3.7).","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Peng Zhou | Patchstack Bug Bounty Program","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"42673","cve":"CVE-2026-42673","epss":"0.000310000","percentile":"0.092770000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:35"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"logtivity","product":"Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity","vendor":"Logtivity Activity Logs","versions":[{"changes":[{"at":"3.3.7","status":"unaffected"}],"lessThanOrEqual":"3.3.6","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Peng Zhou | Patchstack Bug Bounty Program"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.<p>This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.</p>"}],"value":"Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6."}],"impacts":[{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-201","description":"CWE-201 Insertion of Sensitive Information Into Sent Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T15:24:05.488Z","orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/wordpress/plugin/logtivity/vulnerability/wordpress-activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-plugin-3-3-6-sensitive-data-exposure-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update the WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Plugin to the latest available version (at least 3.3.7)."}],"value":"Update the WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity Plugin to the latest available version (at least 3.3.7)."}],"source":{"discovery":"EXTERNAL"},"tags":["x_open-source"],"title":"WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","assignerShortName":"Patchstack","cveId":"CVE-2026-42673","datePublished":"2026-06-01T15:24:05.488Z","dateReserved":"2026-04-29T09:04:52.624Z","dateUpdated":"2026-06-01T15:24:05.488Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 17:16:59","lastModifiedDate":"2026-06-01 17:57:16","problem_types":["CWE-201","CWE-201 CWE-201 Insertion of Sensitive Information Into Sent Data"],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"42673","Ordinal":"1","Title":"WordPress Activity Logs, User Activity Tracking, Multisite Activ","CVE":"CVE-2026-42673","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"42673","Ordinal":"1","NoteData":"Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.","Type":"Description","Title":"WordPress Activity Logs, User Activity Tracking, Multisite Activ"}]}}}