The WP Activity Log plugin for WordPress is vulnerable to a type of attack called SQL Injection. This type of attack can be used to extract sensitive information from the WordPress database. This vulnerability affects all versions up to and including 4.1.4 and is caused by the plugin not properly protecting user-supplied data and failing to properly prepare existing SQL queries.