4 matches found
CVE-2023-2761
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2761 User Activity Log < 1.6.3 - Admin+ SQL Injection
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2761 User Activity Log < 1.6.3 - Admin+ SQL Injection
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2761
The CVE-2023-2761 entry concerns the WordPress plugin User Activity Log, affected in versions prior to 1.6.3. The vulnerability is a SQL injection in admin pages caused by improper sanitisation/escaping of the txtsearch parameter used in SQL statements. Impact is high: remote-like access is not r...