The WP Activity Log Premium plugin for WordPress has a security vulnerability that allows hackers to access sensitive information from the database. This is possible because the plugin does not properly protect against SQL Injection, which is a type of attack that can manipulate database queries. The vulnerability affects all versions up to and including 4.6.4, and can be exploited by authenticated attackers with subscriber privileges.