The WP Activity Log plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 4.5.0. The cause is missing or incorrect nonce validation on the ajax_run_cleanup function. An attacker who is able to trick a site administrator into clicking on a link can cause WP Activity Log to run certain functions.
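The class of flaw described above, as an added example (not WP Activity Log's code or its patch): a hypothetical admin AJAX handler without nonce validation beside a hardened version. The action name `example_run_cleanup`, the `example_*` functions, the `admin.js` script and the `manage_options` capability are assumptions, and the file is assumed to be loaded as a WordPress plugin.

```php
<?php
// Added example for a hypothetical plugin. The action name, nonce field and
// example_* functions are assumptions, not WP Activity Log's own code.
const EXAMPLE_ACTION = 'example_run_cleanup';

// Pattern the advisory describes: the handler relies on the administrator's
// session cookie alone, so a request forged from another site is accepted.
// Shown for comparison only; it is deliberately not registered as a hook.
function example_run_cleanup_unprotected() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    example_do_cleanup();
    wp_send_json_success();
}

// Hardened form: require a nonce bound to this action and this user's session.
function example_run_cleanup() {
    // Third argument false: return false instead of dying, so we pick the response.
    if ( ! check_ajax_referer( EXAMPLE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    example_do_cleanup();
    wp_send_json_success();
}
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_run_cleanup' );

// Stand-in for the state-changing work the handler performs.
function example_do_cleanup() {
    delete_transient( 'example_cleanup_pending' );
}

// Hand the nonce to the plugin's own admin script so legitimate requests carry it.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleCleanup', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'action'  => EXAMPLE_ACTION,
        'nonce'   => wp_create_nonce( EXAMPLE_ACTION ),
    ) );
} );
```

A forged cross-site request cannot read the nonce from the admin page, so it fails `check_ajax_referer` and the handler returns 403 before any state changes.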