CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi

2023-08-1419:10:19

WPScan

www.cve.org

cve

2023

3435

user activity log

sql injection

wordpress

unauthenticated

0.001 Low

EPSS

Percentile

51.2%

JSON

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "User Activity Log",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.6.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for CVELIST:CVE-2023-3435