Two SQL Injection vulnerabilities were identified in the WP Activity Log WordPress plugin. The changelog of the plugin states: "SQL Injection in external database module reported by WP deeply. Thank you for the responsible disclosure."
Fixed in version 4.1.5✓
2020-11-02 (about 11 months ago)
2020-11-08 (about 11 months ago)
2020-11-09 (about 11 months ago)