LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2023-58288

Malicious code in bioql PyPI...

CVE-2023-6030

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

WordPress LogDash Activity Log plugin < 1.1.4 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Nicolas Surribas in WordPress Plugin LogDash Activity Log versions 1.1.4...

CVE-2023-6030

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

CVE-2023-6030

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

CVE-2023-6030

The CVE-2023-6030 entry relates to the WordPress plugin LogDash Activity Log (versions before 1.1.4). The vulnerability arises when the plugin logs failed logins in src/Hooks/Users.php via wp_login_failed without escaping the username in a SQL query, causing a SQL injection. The risk is described...

WordPress plugin LogDash Activity Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2025-21372

Name of the Vulnerable Software and Affected Versions: LogDash Activity Log WordPress plugin versions prior to 1.1.4 Description: The issue concerns a SQL injection vulnerability. It occurs because the plugin does not properly escape the username when performing SQL requests, specifically when...