Lucene search
K

4 matches found

NVD
NVD
added 2023/08/14 8:15 p.m.15 views

CVE-2023-3435

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

9.8CVSS9.8AI score0.00808EPSS
Exploits2References1
CVE
CVE
added 2023/08/14 7:10 p.m.76 views

CVE-2023-3435

CVE-2023-3435 affects the WordPress plugin User Activity Log, versions before 1.6.5. The root cause is improper sanitization/escaping of parameters used in an SQL statement during the plugin’s export feature, enabling unauthenticated SQL injection. The vulnerability is rated CRITICAL (CVSS v3.1: ...

9.8CVSS9.8AI score0.00808EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 7:10 p.m.13 views

CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

7.5AI score0.00808EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/07/27 12:0 a.m.9 views

WordPress User Activity Log Plugin < 1.6.5 is vulnerable to SQL Injection

Software User Activity Log Type Plugin Vulnerable versions 1.6.5 Fixed in 1.6.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3435 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID fb9b4b06b7d7 Credits Marc Montpas Required privilege Unauthenticated...

9.8CVSS7.2AI score0.00808EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder