WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.