4 matches found
CVE-2023-3435
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
CVE-2023-3435
CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...
CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...
WordPress User Activity Log Plugin < 1.6.5 is vulnerable to SQL Injection
Software User Activity Log Type Plugin Vulnerable versions 1.6.5 Fixed in 1.6.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3435 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID fb9b4b06b7d7 Credits Marc Montpas Required privilege Unauthenticated...