6 matches found
LogDash Activity Log <= 1.1.3 - SQL Injection
The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-6030
creationtimestamp| type| source ---|---|--- 2026-03-12 21:02:36+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mgvcd3lteh23...
WordPress LogDash Activity Log plugin < 1.1.4 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Nicolas Surribas in WordPress Plugin LogDash Activity Log versions 1.1.4...
CVE-2023-6030
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...
CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...
CVE-2023-6030
The CVE-2023-6030 entry relates to the WordPress plugin LogDash Activity Log (versions before 1.1.4). The vulnerability arises when the plugin logs failed logins in src/Hooks/Users.php via wp_login_failed without escaping the username in a SQL query, causing a SQL injection. The risk is described...